TY - GEN
T1 - Comprehensive experimental analyses of automotive attack surfaces
AU - Checkoway, Stephen
AU - McCoy, Damon
AU - Kantor, Brian
AU - Anderson, Danny
AU - Shacham, Hovav
AU - Savage, Stefan
AU - Koscher, Karl
AU - Czeskis, Alexei
AU - Roesner, Franziska
AU - Kohno, Tadayoshi
PY - 2011/1/1
Y1 - 2011/1/1
N2 - Modern automobiles are pervasively computerized, and hence potentially vulnerable to attack. However, while previous research has shown that the internal networks within some modern cars are insecure, the associated threat model-requiring prior physical access-has justifiably been viewed as unrealistic. Thus, it remains an open question if automobiles can also be susceptible to remote compromise. Our work seeks to put this question to rest by systematically analyzing the external attack surface of a modern automobile. We discover that remote exploitation is feasible via a broad range of attack vectors (including mechanics tools, CD players, Bluetooth and cellular radio), and further, that wireless communications channels allow long distance vehicle control, location tracking, in-cabin audio exfiltration and theft. Finally, we discuss the structural characteristics of the automotive ecosystem that give rise to such problems and highlight the practical challenges in mitigating them.
AB - Modern automobiles are pervasively computerized, and hence potentially vulnerable to attack. However, while previous research has shown that the internal networks within some modern cars are insecure, the associated threat model-requiring prior physical access-has justifiably been viewed as unrealistic. Thus, it remains an open question if automobiles can also be susceptible to remote compromise. Our work seeks to put this question to rest by systematically analyzing the external attack surface of a modern automobile. We discover that remote exploitation is feasible via a broad range of attack vectors (including mechanics tools, CD players, Bluetooth and cellular radio), and further, that wireless communications channels allow long distance vehicle control, location tracking, in-cabin audio exfiltration and theft. Finally, we discuss the structural characteristics of the automotive ecosystem that give rise to such problems and highlight the practical challenges in mitigating them.
UR - http://www.scopus.com/inward/record.url?scp=85061034567&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85061034567&partnerID=8YFLogxK
M3 - Conference contribution
T3 - Proceedings of the 20th USENIX Security Symposium
SP - 77
EP - 92
BT - Proceedings of the 20th USENIX Security Symposium
PB - USENIX Association
T2 - 20th USENIX Security Symposium
Y2 - 8 August 2011 through 12 August 2011
ER -