Presentation is loading. Please wait.

Presentation is loading. Please wait.

Comprehensive Experimental Analyses of Automotive Attack Surfaces

Published byAbraham Collins Modified over 8 years ago

Similar presentations

Presentation on theme: "Comprehensive Experimental Analyses of Automotive Attack Surfaces"— Presentation transcript:

1 Comprehensive Experimental Analyses of Automotive Attack Surfaces
Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, and Stefan Savage University of California, San Diego Karl Koscher, Alexei Czeskis, Franziska Roesner, and Tadayoshi Kohno University of Washington Presented by Tejaswee Bhargava Pasumarti

2 Authors Stephen Checkoway
Research interests are in (embedded) systems security, health IT security, and voting particularly in voting security and post-election auditing. Damon McCoy Research includes work on wireless privacy, anonymous communication systems, cyber-physical security, and economics of e-crime. Brian Kantor Research interests include: Wireless and satellite communications, digital signal processing Alexei Czeskis Authentication in a variety of contexts: from resource constrained embedded devices (for example in RFIDs or automotive systems) to online transactions involving powerful desktop computers, and, of course, mobile devices. Franziska Roesner Research interests: security, privacy and systems. Karl Koscher Analyzing how information can leak from deniable file systems, developing embedded systems. Hovav Shacham Cybersecurity Policy, cryptography

3 Abstract Modern automobiles are pervasively computerized.
Vulnerable to attacks. Internal networks within modern cars are insecure. Whether automobiles are susceptible to remote compromise. Broad range of attack vectors. Wireless communications channels usage. Structural characteristics of automotive system and practical challenges.

4 Outline Introduction Threat Model Vehicle Attack Service
Vulnerability Analysis Indirect Physical Exploits Short-range Wireless Exploits Long-range Wireless Exploits Threat Motivation Fixes & Conclusion

5 Introduction Modern cars controlled by complex distributed computing systems. Systems are controlled by tens of heterogeneous processors (ECUs) ECUs : is a controller with responsibilities including braking, lighting, gps etc Each ECU has multiple interfaces fro different buses Millions of lines of code Multiple separate communication buses Benefits like efficiency, safety, cost New attacks are possible Analysis of external attack vectors

6 Threat Model Technical Capabilities
Capabilities in analyzing the system and developing exploits Focuses on making technical capabilities realistic Operational capabilities Analysis of attack surface of vehicles How malicious payload is delivered Indirect physical access, short-range wireless, long-range wireless accesses

7 Vehicle attack surface
Indirect physical access OBD-II On board diagnostics II Connects to all key CAN buses of vehicle Used during vehicle maintenance Entertainment : Disc, USB, iPod

8 Vehicle attack surface
Short-range wireless access Bluetooth Remote Keyless Entry Tire Pressure (TPMS) Wifi

9 Vehicle attack surface
Long-range wireless access GPS Satellite radio Digital radio Remote Telematics Systems

10 Vehicle attack surface

11 Vulnerability Analysis
Focused on moderately priced sedan with standard options and components Cars < 30 ECUS comprising both critical drivetrain components & less critical components PassThru for ECU diagnosis and reprogramming Every vulnerability demonstrated allowed complete control of vehicle’s system General Procedure: Identify microprocessor (PowerPC, ARM, Super-H, etc) Extract firmware and reverse engineer using debugging devices/software where possible Exploit vulnerability or simply reprogram ECU

12 Exploitation Summary

13 Indirect physical exploits
Media Player Accepts compact discs Software running on CPU handles audio parsing, UI functions, handles connections Two exploits Latent update capability of player manufacturer Updates when user does nothing WMA parser vulnerability Audio file parse correctly on a PC - In vehicle send arbitrary CAN packets

14 Indirect physical exploits
OBD-II Looked at PassThru device from manufacturere Found no authentication for PC’s on same WiFi network Found exploit allowing reprogramming of PassThru Allows for PassThru worm Allows for control of vehicle reprogramming Includes unsecured and unused Linux programs

15 Short-range wireless exploitation
Bluetooth: Found popular Bluetooth protocol stack with custom manufacture code on top Custom code contained 20 unsafe calls to strcpy() Indirect attack  assumes attacker has paired device Implemented Trojan on Android device to compromise machine Direct attack  exploits with a paired device Requires brute force of PIN to pair device (10 hours)  Limited by response of vehicle’s Bluetooth

16 Long-range wireless exploitation
Cellular attack Telematics SSL PPP 3G Telematics Software modem Voice channel Cell phone

17 Long-range wireless exploitation
Telematics Connectivity: Similar to Bluetooth  3rd party device with manufacturer code on top Again found exploit in transition from 3rd party to manufacturer “Command” program for data transfer Lucky for manufacturer  bandwidth did not allow exploit transfer within timeout Exploit required of authentication code Random nonce not so random Bug that allows authentication without correct response

18 Threat motivation Theft:
Scary version  mass attack cellular network creating vehicle botnet Able to have cars report VIN and GPS Can unlock doors, start engine and fully startup car Cannot disable steering column lock Surveillance: Allows audio recording from in-cabin microphone

19 Security fixes Looked at easily available fixes to exploits:
Standard security engineering best-practices e.g. don’t use unsafe strcpy  instead strncpy Removing debugging and error symbols Use stack cookies and ASLR Remove unused services e.g. telnet and ftp Code guards Authentication before re-flashing

20 Conclusion Vulnerability causes: Lack of adversarial pressure
Conflicting interests of ECU software manufacturers and car manufacturers Ex: Telematics, Bluetooth & Media Player Penetration testing

Download ppt "Comprehensive Experimental Analyses of Automotive Attack Surfaces"

Similar presentations

Mobile Computing and Commerce And Pervasive Computing

Mobile Computing and Commerce And Pervasive Computing
The Fully Networked Car Geneva, 3-4 March 2010 1 DEVELOPMENT OF OPEN-CORE FLEXRAY CONTROLLER FOR OEM ULTRA LOW COST AUTOMOTIVE APPLICATIONS PRAMOD.VSUBRAT.

The Fully Networked Car Geneva, 3-4 March DEVELOPMENT OF OPEN-CORE FLEXRAY CONTROLLER FOR OEM ULTRA LOW COST AUTOMOTIVE APPLICATIONS PRAMOD.VSUBRAT.
Experimental Security Analysis of a Modern Automobile

Experimental Security Analysis of a Modern Automobile
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
Car Hacking Patrick, James, Penny.

Car Hacking Patrick, James, Penny.
Comprehensive Experimental Analyses of Automotive Attack Surfaces Authors: Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham,

Comprehensive Experimental Analyses of Automotive Attack Surfaces Authors: Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham,
Transmission technology William Kemp. Infrared Infrared data travels in shorter (near infrared waves). These waves enable data to be sent and receive.

Transmission technology William Kemp. Infrared Infrared data travels in shorter (near infrared waves). These waves enable data to be sent and receive.
Mobile Mobile OS and Application Team: Kwok Tak Chi Law Tsz Hin So Ting Wai.

Mobile Mobile OS and Application Team: Kwok Tak Chi Law Tsz Hin So Ting Wai.
Car Operating Systems Ryan Benesky. The Beginning of Car Computers 1970s Was the beginning of the EPA and regulations to clean up the environment. In.

Car Operating Systems Ryan Benesky. The Beginning of Car Computers 1970s Was the beginning of the EPA and regulations to clean up the environment. In.
Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.

Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.
Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.

Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.
05-05-2005Sujeeth Narayan1 Smartphones Security CS 691 Sujeeth Narayan.

Sujeeth Narayan1 Smartphones Security CS 691 Sujeeth Narayan.
ETHICS IN COMPUTER SCIENCE Hacking and identity theft.

ETHICS IN COMPUTER SCIENCE Hacking and identity theft.
Building an Application Server for Home Network based on Android Platform Yi-hsien Liao Supervised by : Dr. Chao-huang Wei Department of Electrical Engineering.

Building an Application Server for Home Network based on Android Platform Yi-hsien Liao Supervised by : Dr. Chao-huang Wei Department of Electrical Engineering.
David Rogers, Stu Andrzejewski, Kelly Desmond, Brad Garrod.

David Rogers, Stu Andrzejewski, Kelly Desmond, Brad Garrod.
Trusted Computing Technologies for Embedded Systems and Sensor Networks Adrian Perrig Carnegie Mellon University.

Trusted Computing Technologies for Embedded Systems and Sensor Networks Adrian Perrig Carnegie Mellon University.
Mobile Handset Hardware Architecture

Mobile Handset Hardware Architecture
Michael Westra, CISSP June 2012 2012 BSides Detroit Security Presentation: Vehicle Hacking “If you think technology can solve your security problems, then.

Michael Westra, CISSP June BSides Detroit Security Presentation: Vehicle Hacking “If you think technology can solve your security problems, then.
Basic Data Communication

Basic Data Communication
Chapter 1- Introduction

Chapter 1- Introduction

Similar presentations

Ads by Google