Article

Comprehensive experimental analyses of automotive attack surfaces

Authors:

Stephen Checkoway,

Danny Anderson,

Alexei Czeskis,

Franziska Roesner,

Tadayoshi KohnoAuthors Info & Claims

SEC'11: Proceedings of the 20th USENIX conference on Security

Page 6

Published: 08 August 2011 Publication History

Abstract

Modern automobiles are pervasively computerized, and hence potentially vulnerable to attack. However, while previous research has shown that the internal networks within some modern cars are insecure, the associated threat model--requiring prior physical access--has justifiably been viewed as unrealistic. Thus, it remains an open question if automobiles can also be susceptible to remote compromise. Our work seeks to put this question to rest by systematically analyzing the external attack surface of a modern automobile. We discover that remote exploitation is feasible via a broad range of attack vectors (including mechanics tools, CD players, Bluetooth and cellular radio), and further, that wireless communications channels allow long distance vehicle control, location tracking, in-cabin audio exfiltration and theft. Finally, we discuss the structural characteristics of the automotive ecosystem that give rise to such problems and highlight the practical challenges in mitigating them.

References

[1]

BBC. Hack attacks mounted on car control systems. BBC News, May 17, 2010. Online: http://www.bbc.co. uk/news/10119492.

[2]

S. Bono, M. Green, A. Stubblefield, A. Juels, A. D. Rubin, and M. Szydlo. Security analysis of a cryptographically-enabled RFID device. In P. McDaniel, editor, USENIX Security 2005, pages 1-16. USENIX Association, July 2005.

Digital Library

[3]

R. Boyle. Proof-of-concept CarShark software hacks car computers, shutting down brakes, engines, and more. Popular Science, May 14, 2010. Online: http://www.popsci.com/cars/article/2010- 05/researchers-hack-car-computers-shutting-down-brakes-engine-and-more.

[4]

CAMP Vehicle Safety Communications Consortium. Vehicle safety communications project task 3 final report, Mar. 2005. Online: http://www.intellidriveusa. org/documents/vehicle-safety.pdf.

[5]

R. Charette. This car runs on code. Online: http://www.spectrum.ieee.org/feb09/7649, Feb. 2009.

[6]

T. Eisenbarth, T. Kasper, A. Moradi, C. Paar, M. Salmasizadeh, and M. Manzuri Shalmani. On the power of power analysis in the real world: A complete break of the KeeLoq code hopping scheme. In D. Wagner, editor, Crypto '08, volume 5157 of LNCS, pages 203-20. Springer-Verlag, Aug. 2008.

Digital Library

[7]

N. Falliere, L. O Murchu, and E. Chien. W32.Stuxnet dossier version 1.3, Nov. 2010. Online: http://www.symantec.com/content/en/ us/enterprise/media/security_response/ whitepapers/w32_stuxnet_dossier.pdf.

[8]

FlexRay Consortium. FlexRay communications system protocol specification version 2.1 revision A, Dec. 2005. Online: http://www.flexray.com/index. php?pid=47.

[9]

A. Francillon, B. Danev, and S. Capkun. Relay attacks on passive keyless entry and start systems in modern cars. In A. Perrig, editor, NDSS 2011. ISOC, Feb. 2011.

[10]

T. Hoppe, S. Kiltz, and J. Dittmann. Security threats to automotive CAN networks - practical examples and selected short-term countermeasures. In M. D. Harrison and M.-A. Sujan, editors, SAFECOMP 2008, volume 5219 of LNCS, pages 235-248. Springer-Verlag, Sept. 2008.

Digital Library

[11]

S. Indesteege, N. Keller, O. Dunkelman, E. Biham, and B. Preneel. A practical attack on KeeLoq. In N. Smart, editor, Eurocrypt '08, volume 4965 of LNCS, pages 1-18. Springer-Verlag, Apr. 2008.

Digital Library

[12]

ISO. ISO 11898-1:2003 - Road vehicles - Controller area network. International Organization for Standardization, 2003.

[13]

F. Kargl, P. Papadimitratos, L. Buttyan, M. Müter, E. Schoch, B. Wiedersheim, T.-V. Thong, G. Calandriello, A. Held, A. Kung, and J.-P. Hubaux. Secure vehicular communication systems: implementation, performance, and research challenges. IEEE Communications Magazine, 46(11):110-118, 2008.

Digital Library

[14]

K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, and S. Savage. Experimental security analysis of a modern automobile. In D. Evans and G. Vigna, editors, IEEE Symposium on Security and Privacy. IEEE Computer Society, May 2010.

Digital Library

[15]

U. E. Larson and D. K. Nilsson. Securing vehicles against cyber attacks. In A. Mili and A. Krings, editors, CSIIRW '08, pages 30:1-30:3. ACM Press, May 2008.

Digital Library

[16]

J. Leyden. Boffins warn on car computer security risk. The Register, May 14, 2010. Online: http://www.theregister.co.uk/2010/05/ 14/car_security_risks/.

[17]

P. Magney. iPod connections expected in more than half of U.S. car models in 2009. Online: http://www. isuppli.com/Automotive-Infotainment-and-Telematics/MarketWatch/Pages/iPod-Connections-Expected-in-More-than-Half-of-U-S-Car-Models-in-2009.aspx, Oct. 2008.

[18]

J. Markoff. Stung by security flaws, Microsoft makes software safety a top goal. The New York Times, Jan. 2002.

[19]

C. Mundie. Trustworthy computing. Online: http://download.microsoft.com/download/ a/f/2/af22fd56-7f19-47aa-8167- 4b1d73cd3c57/twc_mundie.doc, Oct. 2002.

[20]

NPR. 'Rifle' sniffs out vulnerability in bluetooth devices. All Things Considered, Apr 13, 2005.

[21]

M. Raya and J.-P. Hubaux. Securing vehicular ad hoc networks. Journal of Computer Security, 15(1):39-68, 2007.

[22]

I. Rouf, R. Miller, H. Mustafa, T. Taylor, S. Oh, W. Xu, M. Gruteser, W. Trappe, and I. Seskar. Security and privacy vulnerabilities of in-car wireless networks: A tire pressure monitoring system case study. In I. Goldberg, editor, USENIX Security 2010, pages 323-338. USENIX Association, Aug. 2010.

Digital Library

[23]

D. Spill and A. Bittau. Bluesniff: Eve meets alice and bluetooth. In D. Boneh, T. Garfinkel, and D. Song, editors, WOOT 2007, pages 1-10. USENIX Association, 2007.

Digital Library

[24]

P. R. Thorn and C. A. MacCarley. A spy under the hood: Controlling risk and automotive EDR. Risk Management, Feb. 2008.

[25]

J. Vijayan. Update: Android gaming app hides Trojan, security vendors warn. Computerworld, Aug. 17, 2010. Online: http://www.computerworld.com/s/ article/9180844/Update_Android_gaming_ app_hides_Trojan_security_vendors_ warn.

[26]

M. Wolf, A. Weimerskirch, and C. Paar. Security in automotive bus systems. In C. Paar, editor, ESCAR 2004, Nov. 2004.

[27]

M. Wolf, A. Weimerskirch, and T. Wollinger. State of the art: Embedding security in vehicles. EURASIP Journal on Embedded Systems, 2007.

[28]

Y. Zhao. Telematics: safe and fun driving. Intelligent Systems, IEEE, 17(1):10-14, Jan./Feb. 2002.

Digital Library

Cited By

Gehrer SGuajardo JChang CRührmair USzefer JBatina LRegazzoni F(2024)PHIDIAS: Power Signature Host-based Intrusion Detection in Automotive MicrocontrollersProceedings of the 2024 Workshop on Attacks and Solutions in Hardware Security10.1145/3689939.3695780(36-47)Online publication date: 19-Nov-2024
https://dl.acm.org/doi/10.1145/3689939.3695780
Guerra LXu LBellavista PChapuis TDuc GMozharovskyi PNguyen VFritz MKrauß CHof H(2024)AI-Driven Intrusion Detection Systems (IDS) on the ROAD Dataset: A Comparative Analysis for Automotive Controller Area Network (CAN)Proceedings of the 2024 Cyber Security in CarS Workshop10.1145/3689936.3694696(39-49)Online publication date: 20-Nov-2024
https://dl.acm.org/doi/10.1145/3689936.3694696
Tang ZSerag KZonouz SCelik ZXu DBeyah RLuo BLiao XXu JKirda ELie D(2024)ERACAN: Defending Against an Emerging CAN Threat ModelProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690267(1894-1908)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690267
Show More Cited By

Comprehensive experimental analyses of automotive attack surfaces
1. Networks
  1. Network types
2. Social and professional topics
  1. Computing / technology policy

Recommendations

A comprehensive categorization of DDoS attack and DDoS defense techniques
ADMA'06: Proceedings of the Second international conference on Advanced Data Mining and Applications

Distributed Denial of Service (DDoS) attack is the greatest security fear for IT managers. With in no time, thousands of vulnerable computers can flood victim website by choking legitimate traffic. Several specific security measurements are deployed to ...
Autonomous Vehicle Security: Composing Attack, Defense, and Policy Surfaces
NSPW '22: Proceedings of the 2022 New Security Paradigms Workshop

An attack surface enumerates resources accessible to an attacker for cyber attacks on a system. These resources are: methods that can be called as part of an attack; channels that an attacker outside the system can use to get to a system’s interface; ...
Security Analysis Methodology for Modern Automobiles: Attack Surfaces, Targets and Impacts

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

SEC'11: Proceedings of the 20th USENIX conference on Security

August 2011

35 pages

Program Chair:
David Wagner
University of California, Berkeley

Sponsors

NSF: National Science Foundation
Google Inc.
IBMR: IBM Research
Microsoft Research: Microsoft Research
RSA: The Security Division of EMC

Publisher

USENIX Association

United States

Publication History

Published: 08 August 2011

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

191
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 18 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Gehrer SGuajardo JChang CRührmair USzefer JBatina LRegazzoni F(2024)PHIDIAS: Power Signature Host-based Intrusion Detection in Automotive MicrocontrollersProceedings of the 2024 Workshop on Attacks and Solutions in Hardware Security10.1145/3689939.3695780(36-47)Online publication date: 19-Nov-2024
https://dl.acm.org/doi/10.1145/3689939.3695780
Guerra LXu LBellavista PChapuis TDuc GMozharovskyi PNguyen VFritz MKrauß CHof H(2024)AI-Driven Intrusion Detection Systems (IDS) on the ROAD Dataset: A Comparative Analysis for Automotive Controller Area Network (CAN)Proceedings of the 2024 Cyber Security in CarS Workshop10.1145/3689936.3694696(39-49)Online publication date: 20-Nov-2024
https://dl.acm.org/doi/10.1145/3689936.3694696
Tang ZSerag KZonouz SCelik ZXu DBeyah RLuo BLiao XXu JKirda ELie D(2024)ERACAN: Defending Against an Emerging CAN Threat ModelProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690267(1894-1908)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690267
Sommer FGierl MKriesten RKargl FSax E(2024)Combining Cyber Security Intelligence to Refine Automotive Cyber ThreatsACM Transactions on Privacy and Security10.1145/364407527:2(1-34)Online publication date: 5-Feb-2024
https://dl.acm.org/doi/10.1145/3644075
Hu XHuang GNing YWang LSuo JOta KZhang J(2024)A Lightweight and Confidential Communication Scheme for On-Vehicle ECUsIEEE Network: The Magazine of Global Internetworking10.1109/MNET.2024.336594638:3(34-40)Online publication date: 20-Feb-2024
https://dl.acm.org/doi/10.1109/MNET.2024.3365946
Serag KBhatia RFaqih AOzmen MKumar VCelik ZXu DCalandrino JTroncoso C(2023)ZBCANProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620623(6893-6910)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620623
Marder AZhang ZMok RPadmanabhan RHuffaker BLuckie MDainotti AClaffy KSnoeren ASchulman ACalandrino JTroncoso C(2023)Access deniedProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620622(6877-6892)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620622
Islam MOh IUgli MYim K(2023)Enhancing In-Vehicle Network Security Through Bitstream Feature Extraction-Based Intrusion DetectionProceedings of the 2023 Fifteenth International Conference on Contemporary Computing10.1145/3607947.3607989(224-229)Online publication date: 3-Aug-2023
https://dl.acm.org/doi/10.1145/3607947.3607989
Mehta JRichard GLugosch LYu DMeyer B(2023)DT-DS: CAN Intrusion Detection with Decision Tree EnsemblesACM Transactions on Cyber-Physical Systems10.1145/35661327:1(1-27)Online publication date: 22-Mar-2023
https://dl.acm.org/doi/10.1145/3566132
Thakur SMoreno CFischmeister S(2022)CANOA: CAN Origin Authentication through Power Side-channel MonitoringACM Transactions on Cyber-Physical Systems10.1145/35712888:2(1-30)Online publication date: 18-Nov-2022
https://dl.acm.org/doi/10.1145/3571288
Show More Cited By

View Options

View options

Figures

Tables

Media

View Table of Conten