Spoofing attack using bus-off attacks against a specific ECU of the CAN bus

This paper reports spoofing attacks that exploit a vulnerability of the controller area network (CAN) protocol, which is often used in in-vehicle networks. Authorized electronic control units (ECUs), however, should be able to detect anomalous CAN message traffic. We focused on the ECU states used for error handling. Bus-off attacks against an ECU have been proposed that induce transmission errors and thereby transition the target ECU to the bus-off state, in which the ECU cannot access the CAN bus. An attack combining the bus-off attack with the spoofing attack could not be detected by the authorized ECUs, and would consequently be a potential threat to the vehicle. In this paper, we propose a spoofing attack method that uses a bus-off attack and is not detected by the authorized ECUs. Based on the proposal, we implemented an attacker prototype using a field-programmable gate array. In a laboratory setting, we verified the attack in a simulated environment consisting of the attack hardware and an ECU, and evaluated the effect of spoofing and the behavior of an actual car. The results showed that the transmission of regular messages was completely prevented and that the percentage of spoofing messages could be made 100%; that is, no error was detected in the ECUs of the car. We have verified the feasibility of the proposed method and the potential threat to actual cars. In the future, we will conduct studies to protect vehicles from such attacks.
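
The ECU error-handling states mentioned above can be modeled with the CAN fault-confinement rules. The following is an added example, not code from the paper: it assumes the standard transmit error counter (TEC) rules (+8 per failed transmission, -1 per success, error-passive above 127, bus-off above 255), ignores the receive error counter and the protocol's exception cases, and the `suspicious` check with its threshold is a hypothetical monitoring heuristic.

```c
#include <stdio.h>

/* Fault-confinement states of a CAN node. */
typedef enum { ERROR_ACTIVE, ERROR_PASSIVE, BUS_OFF } can_state_t;

typedef struct {
    int tec;           /* transmit error counter */
    int consec_errors; /* failed transmissions since the last success */
    can_state_t state;
} ecu_t;

/* Apply one transmission attempt; ok != 0 means it completed without error. */
can_state_t ecu_tx(ecu_t *e, int ok) {
    if (e->state == BUS_OFF) return BUS_OFF; /* node no longer accesses the bus */
    if (ok) {
        if (e->tec > 0) e->tec -= 1;
        e->consec_errors = 0;
    } else {
        e->tec += 8;
        e->consec_errors += 1;
    }
    e->state = e->tec > 255 ? BUS_OFF : e->tec > 127 ? ERROR_PASSIVE : ERROR_ACTIVE;
    return e->state;
}

/* Attempts until bus-off for a repeating outcome pattern, or -1 if not reached. */
int frames_until_bus_off(const int *pattern, int len, int limit) {
    ecu_t e = {0, 0, ERROR_ACTIVE};
    for (int i = 0; i < limit; i++)
        if (ecu_tx(&e, pattern[i % len]) == BUS_OFF) return i + 1;
    return -1;
}

/* Hypothetical heuristic: a node that has left error-active through an
   unbroken run of transmit errors deserves investigation. */
int suspicious(const ecu_t *e, int threshold) {
    return e->state != ERROR_ACTIVE && e->consec_errors >= threshold;
}

int main(void) {
    int all_fail[] = {0}, alternating[] = {0, 1}; /* constructed outcome patterns */
    printf("every attempt fails: bus-off after %d attempts\n",
           frames_until_bus_off(all_fail, 1, 1000));
    printf("fail/success alternating: bus-off after %d attempts\n",
           frames_until_bus_off(alternating, 2, 1000));
    return 0;
}
```

Because a failure costs eight counts and a success recovers only one, the model shows that a node reaches bus-off even when half of its transmissions succeed, which is why a sustained rise in the TEC is worth logging well before the bus-off threshold.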