Comprehensive Experimental Analyses of Automotive Attack Surfaces

Modern automobiles are pervasively computerized, and hence potentially vulnerable to attack. However, while previous research has shown that the internal networks within some modern cars are insecure, the associated threat model--requiring prior physical access--has justifiably been viewed as unrealistic. Thus, it remains an open question if automobiles can also be susceptible to remote compromise. Our work seeks to put this question to rest by systematically analyzing the external attack surface of a modern automobile. We discover that remote exploitation is feasible via a broad range of attack vectors (including mechanics tools, CD players, Bluetooth and cellular radio), and further, that wireless communications channels allow long distance vehicle control, location tracking, in-cabin audio exfiltration and theft. Finally, we discuss the structural characteristics of the automotive ecosystem that give rise to such problems and highlight the practical challenges in mitigating them.

[1]  Yilin Zhao Telematics: Safe and Fun Driving , 2002, IEEE Intell. Syst..

[2]  Christof Paar,et al.  Security in Automotive Bus Systems , 2004 .

[3]  Matthew Green,et al.  Security Analysis of a Cryptographically-Enabled RFID Device , 2005, USENIX Security Symposium.

[4]  Dot Hs Vehicle Safety Communications Project Task 3 Final Report Identify Intelligent Vehicle Safety Applications Enabled by DSRC , 2005 .

[5]  André Weimerskirch,et al.  State of the Art: Embedding Security in Vehicles , 2007, EURASIP J. Embed. Syst..

[6]  Andrea Bittau,et al.  BlueSniff: Eve Meets Alice and Bluetooth , 2007, WOOT.

[7]  Zhiyi Fang,et al.  Securing Vehicular Ad Hoc Networks , 2007, 2007 2nd International Conference on Pervasive Computing and Applications.

[8]  Panagiotis Papadimitratos,et al.  Secure vehicular communication systems: implementation, performance, and research challenges , 2008, IEEE Communications Magazine.

[9]  Peter R. Thom,et al.  A Spy Under the Hood: Controlling Risk and Automotive EDR , 2008 .

[10]  Christof Paar,et al.  On the Power of Power Analysis in the Real World: A Complete Break of the KeeLoqCode Hopping Scheme , 2008, CRYPTO.

[11]  Jana Dittmann,et al.  Security threats to automotive CAN networks - Practical examples and selected short-term countermeasures , 2008, Reliab. Eng. Syst. Saf..

[12]  Ulf E. Larson,et al.  Securing vehicles against cyber attacks , 2008, CSIIRW '08.

[13]  Eli Biham,et al.  A Practical Attack on KeeLoq , 2008, Journal of Cryptology.

[14]  Wenyuan Xu,et al.  Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study , 2010, USENIX Security Symposium.

[15]  Matti Valovirta,et al.  Experimental Security Analysis of a Modern Automobile , 2011 .

[16]  Srdjan Capkun,et al.  Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars , 2010, NDSS.