TY - GEN
T1 - Experimental security analysis of a modern automobile
AU - Koscher, Karl
AU - Czeskis, Alexei
AU - Roesner, Franziska
AU - Patel, Shwetak
AU - Kohno, Tadayoshi
AU - Checkoway, Stephen
AU - McCoy, Damon
AU - Kantor, Brian
AU - Anderson, Danny
AU - Snachám, Hovav
AU - Savage, Stefan
N1 - Copyright:
Copyright 2010 Elsevier B.V., All rights reserved.
PY - 2010
Y1 - 2010
N2 - Modern automobiles are no longer mere mechanical devices; they are pervasively monitored and controlled by dozens of digital computers coordinated via internal vehicular networks. While this transformation has driven major advancements in efficiency and safety, it has also introduced a range of new potential risks. In this paper we experimentally evaluate these issues on a modern automobile and demonstrate the fragility of the underlying system structure. We demonstrate that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems. Over a range of experiments, both in the lab and in road tests, we demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input - including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on. We find that it is possible to bypass rudimentary network security protections within the car, such as maliciously bridging between our car's two internal subnets. We also present composite attacks that leverage individual weaknesses, including an attack that embeds malicious code in a car's telematics unit and that will completely erase any evidence of its presence after a crash. Looking forward, we discuss the complex challenges in addressing these vulnerabilities while considering the existing automotive ecosystem.
AB - Modern automobiles are no longer mere mechanical devices; they are pervasively monitored and controlled by dozens of digital computers coordinated via internal vehicular networks. While this transformation has driven major advancements in efficiency and safety, it has also introduced a range of new potential risks. In this paper we experimentally evaluate these issues on a modern automobile and demonstrate the fragility of the underlying system structure. We demonstrate that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems. Over a range of experiments, both in the lab and in road tests, we demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input - including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on. We find that it is possible to bypass rudimentary network security protections within the car, such as maliciously bridging between our car's two internal subnets. We also present composite attacks that leverage individual weaknesses, including an attack that embeds malicious code in a car's telematics unit and that will completely erase any evidence of its presence after a crash. Looking forward, we discuss the complex challenges in addressing these vulnerabilities while considering the existing automotive ecosystem.
KW - Automobiles
KW - Communication standards
KW - Communication system security
KW - Computer security
KW - Data buses
UR - http://www.scopus.com/inward/record.url?scp=77955201139&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=77955201139&partnerID=8YFLogxK
U2 - 10.1109/SP.2010.34
DO - 10.1109/SP.2010.34
M3 - Conference contribution
AN - SCOPUS:77955201139
SN - 9780769540351
T3 - Proceedings - IEEE Symposium on Security and Privacy
SP - 447
EP - 462
BT - 2010 IEEE Symposium on Security and Privacy, SP 2010 - Proceedings
T2 - 31st IEEE Symposium on Security and Privacy, SP 2010
Y2 - 16 May 2010 through 18 May 2010
ER -