Vehicle Security: A Survey of Security Issues and Vulnerabilities, Malware Attacks and Defenses

Recent years have led the path to the evolution of automotive technology and with these new developments, modern vehicles are getting increasingly astute and offering growing quantities of innovative applications that cover various functionalities. These functionalities are controlled by hundreds of Electronic Control Units (ECUs) which are connected to each other via the Control Area Network (CAN) bus. Although ECUs are designed to offer various amenities that are associated with modern vehicles including comfort, such features expose new attack surfaces that can be harnessed by attackers. This trend is exacerbated by the fact that many of these ECUs rely on wireless communication for interacting with the outside world. Therefore, making them vulnerable to common threats such as malware injection that can compromise the overall security of modern vehicles. In this paper, we provide a detailed description of the architecture associated with intelligent vehicles, and identify various security issues and vulnerabilities that impact such systems. We provide an overview of different malware types and the vectors of attacks they leverage for infecting modern vehicles. This work also presents a detailed survey of available defenses against such attacks including: signature, behavior, heuristic, cloud, and machine learning-based detection measures. Furthermore, this paper intends to assist researchers in becoming familiar with the available defenses and how they can be applied to secure intelligent vehicles against emerging malware threats that can compromise the security of today’s vehicles. It also provides future directions for researchers who are interested in developing new defenses that can safeguard intelligent vehicles systems against malware attacks.