Experimental Security Analysis of a Modern Automobile

Size: px
Start display at page:

Download "Experimental Security Analysis of a Modern Automobile"

Transcription

1 hyväksymispäivä arvosana arvostelija Experimental Security Analysis of a Modern Automobile Matti Valovirta Helsinki HELSINGIN YLIOPISTO Tietojenkäsittelytieteen laitos

2 HELSINGIN YLIOPISTO HELSINGFORS UNIVERSITET UNIVERSITY OF HELSINKI Tiedekunta Fakultet Faculty Laitos Institution Department Faculty of Science Tekijä Författare Author Department of Computer Science Matti Valovirta Työn nimi Arbetets titel Title Experimental Security Analysis of a Modern Automobile Oppiaine Läroämne Subject Computer Science Työn laji Arbetets art Level Seminar Report Tiivistelmä Referat Abstract Aika Datum Month and year Sivumäärä Sidoantal Number of pages 11p pages ACM Computing Classification System (CCS): K.6.5 [Security and Protection] Avainsanat Nyckelord Keywords Security. automobile, network, CAN-bus, ECU Säilytyspaikka Förvaringställe Where deposited Muita tietoja Övriga uppgifter Additional information

3 ii Sisältö 1 Introduction 1 2 Technical details Buses CAN (Controller Area Network) OBD-II Wireless communication Electronic Control Units (ECUs) Security CAN Techniques Bus listening Cracking challenge-response pairs Fuzzing Reverse engineering Results Reflashing Unit security Interconnecting buses Effects to the car Conclusions 8 Appendix A. References 11

4 1 1 Introduction Talking about security testing of a car in a security testing seminar might sound a bit far-fetched but when you acknowledge that there are in fact a network or two inside a car and up to 70 Electronic Control Units (ECUs) you start to realize that the same vulnerabilities that plague other networks might apply. Purpose of this paper is to find out how big of an issue software security is in cars and their networks. Traditionally cars were built to operate mechanically but in recent years we've seen dramatical increase in electronic devices and computers in cars and the typical by-products of them, like software updates. Take a look for example Volvo's recent advertisement in Helsingin Sanomat found in Picture 1. For those of you who don't understand Finnish, it advertises that software updates are free in the new Volvo Service 2.0. Picture 1. Volvo's ad campaign where they are advertising free software updates [2]. Also with the recent incidents with Toyota's acceleration pedal in the United States has put the issue in the spotlight. Apparently Toyota hired an independent consultant to verify their claims that the problems weren't coming from the electronics. This just

5 highlights how sensitive this issue is. Who wants to drive a car 120 km/h knowing that there might be a software bug that let's say prevents you from braking at all? 2 2 Technical details 2.1 Buses Usually all the devices are connected to each other through a CAN-bus. Reason for this is money, it would be too expensive for every car manufacturer to have their own proprietary network. Unfortunately a standardized network in most cars gives wider surface for possible attacks. There might be two separate networks, a high-speed, critical one and a low-speed not-critical one. Typically devices that are real-time, like Anti-lock Braking System (ABS) and other safety related and/or time-critical devices are connected to the high-speed bus. Other devices such as a radio, infotainment display and such are connected to the slow-speed one. Some devices might need to exist on both network, for example Central Locking System (CLS) needs access to physical door lock switches, wireless input from remote key and possibly remote telematics command to unlock the doors. These are found on the low-speed network. In addition it also needs access to crash detection system in order to unlock the doors after airbags have deployed to facilitate exit. This system usually lies on the high-speed network. [1] CAN (Controller Area Network) Controller Area Network, CAN or CAN-bus is a bus built specifically for cars by Robert Bosch GmbH in It has now become more or less the industry standard for intra-car networks OBD-II Currently in the United States and in European Union cars are required to have a standardized access to car's network through a port called On-Board Diagnostics (OBD-II), usually found under the dashboard. This port can be used to insert a malicious device into the network or use it momentarily to alter some of the units in the network to operate differently. This will be discussed later on.

6 Wireless communication Other communication methods in a car might include a Bluetooth for connecting portable music players to the radio and cellular link access to mobile phone network. It has been implemented in some cars that there is a link between the car's internal network and a service center through a cellular connection. Applications might be such as that the service center displays a message on the car's display when a trip to the repair shop is needed based on telematics from the car's devices or contacts the emergency authorities if a crash is detected. [1]. 2.2 Electronic Control Units (ECUs) A few examples of ECUs found in a modern car: Engine Control Module (ECM) Electronic Brake Control Module (EBCM) Transmission Control Module (TCM) Body Control Module (BCM) Telematics Module Remote Control Door Lock Receiver (RCDLR) Heating, Ventilation, Air Conditioning (HVAC) Inflatable Restraint Sensing and Diagnostic Module (SDM) Instrument Panel Cluster/Driver Information Center (IPC/DIC) Radio Theft Deterrent Module (TDM) These just examples of what kind of units are found inside a typical modern car. Some of these devices are connected to either one of the low or high-speed buses, while some are connected to both, like BCM and Telematics. The problem here is that if these units are compromised it might be possible to convert the unit to act as a repeater, repeating from one network to the other, thus interconnecting the two networks. One estimate suggests that a typical car might contain over 100 MB of binary code over ECUs. [1].

7 4 3 Security Given the nature of current automobile electronics architecture there a several possibilities for a attacker to gain access to a car's internal networks. In the following section we are going to give a overview on the possible techniques involved. 3.1 CAN There are some inherent security flaws in CAN's design. In CAN, there are no addresses and every node connected to the CAN-bus receives all messages sent to it. Messages are processed by their identification fields. By design it is possible to add new nodes to the network and make them process all messages sent to the network. Other possibility is a denial-of-service attack which either floods the network with packets or using CAN's priority-based arbitration sets the network to a dominant state, where all other nodes will back off. In addition to these there are no authentication fields in CAN messages, so that it could be identified from which node the message was sent. One can build a higher level protocol on top of CAN which supports some mechanisms to increase security. Apparently this was done on cars studied in the article. Solution was to add a challenge-response sequence to protect the ECUs against certain actions without being authenticated. The protocol they used defined that a given ECU could participate in zero, one or two challenge-response pairs of the following types: Reflashing and memory protection. Protects against reflashing and reading out sensitive parts of the memory. Tester capabilities. There might be a need to access and alter states while testing the car's functionalities. This pair is to protect against unauthorized access. In principle, challenge-response pair mechanism should protect ECUs from being accessed unauthorized. But in reality there are few problems. First of all the CAN's message is 16-bit wide, so it's feasible to scan all possible combinations in a decent amount of time. More information can be found in section [1]. 3.2 Techniques Here are listed the techniques described in the article that was used to gain knowledge of the car's networks [1].

8 Bus listening This mean that one simply records all messages on the bus. This can be easily achieved since all messages are broadcasted and new devices can be added to the network so that existing ones do not recognize their presence. Out of this recording one can derive what messages correspond to what commands on the units Cracking challenge-response pairs Since CAN messages are 16-bit wide it does not take that long to scan every possible bit-combination in order to find the correct response for a challenge. It was stated in the article that ECUs have to allow key entries every 10 seconds. It took seven and a half days to scan every possible message of challenge-response pair. One can also speed this up by powercycling the ECU which decreased the time to three and a half days. This can be done in parallel to every device, in order to save time Fuzzing Fuzzing means sending random messages to the network and observe their impact. With this technique one can find what can messages correspond to what actions on the car. One application of fuzzing might also be to disrupt the normal working state of the car without any actual knowledge of the ECUs Reverse engineering If one has access to the binary code of the unit, it is possible to reverse engineer it. This means that by running the code in a debugger one gains knowledge what that particular code is doing. 4 Results Koscher et al [1] describes in their paper their findings of a experimental security analysis of a modern automobile. They experimented with two automobiles from 2009 of the same make and model. They did not reveal the manufacturer but instead said that they believe the problems lie within the architecture, not the particular implementation. However the results were not verified with another cars. Neither the specifics of the communication standards used were disclosed. Only that a CAN-bus was used.

9 6 Testing was done both individually to ECUs connected to a CAN-to-USB adapter and an oscilloscope and the car hooked to a laptop through ODB-II and a CAN-to-USB adapter. Experiments were done in three ways: bench, stationary car and on the road. Bench means that the tested unit was extracted from the car and hooked to an oscilloscope and a CAN analyzer. Stationary car means that the car was lifted to jack stands to allow the tires to spin. On the road means that the car was literally tested on the road, which in this case was a abandoned airport runway. 4.1 Reflashing The standard used in the car tested by Koscher et al [1] states that ECUs should reject reflashing requests if they seem unsafe, for example that the car is running. However, testing showed that it was indeed possible to place ECM and TCM into reflashing mode while the car was at speed on jack stands. Also the ECM could be set to reflashing mode while on the road. 4.2 Unit security It was found out that unit security was implemented less broadly than what the standard specified. For example the telematics unit had hardcoded challenge and response that was similar to all unit with the same model. Even worse, the challenge-response was never used at all. Memory in the units should also be protected against being read if it contains sensitive information. However, the reflashing keys could be read from memory of the BCM without any authentication. Also the whole memory of the telematics unit could be read without any authentication. 4.3 Interconnecting buses The standard implicitly describes the high-speed network as more reliable than the low-speed network. It also states that the gateways between the two networks should only be re-programmable from the high-speed network. This is likely implemented as a safety measure, so that let's say a new radio could not gain access to the high-speed network. On the tested car, there were two ECUs that were on both networks, the BCM and the telematics unit. While the telematics unit is not technically a gateway, it

10 7 connects to both networks and against the standard it can be re-programmed only from the low-speed network. This way a unit residing on the low-speed network could attack the telematics unit and gain access to the high-speed network through it. It was verified that it was possible to upload code to the telematics unit from low-speed network that in turn sent packets on the high-speed network. 4.4 Effects to the car Using the techniques described in section 3.2 Koscher et al [1] were able to obtain knowledge about what are the commands used in intra-car networks. Complete list of the effects they were able to achieve can be found in Appendix A. Below are listed a few examples: Disable brakes and all auxiliary lights at speed without a possibility for a manual override. Kill engine at speed without a possibility for a manual override so that it can not be restarted. Lock all doors so that they can not be opened from inside. Prevent the driver from turning the car on or off. What this short list demonstrates is that fundamental things regarding safety was compromised in the experiment. If an attacker could gain access to the car's internal network it could lead to very severe consequences. Multi-component attacks In addition to affecting individual units an attacker can exploit multiple components to perform an composite attack. A few were described by Koscher et al [1]: Speedometer. They manipulated the displayed speed to be arbitrary speed of the actual speed with an offset. Lights out. In this attack they demonstrated that it was possible to turn off all light, including all interior lights, headlights, brake lights and instrument panel illumination. This can be extremely dangerous in the situation where the victim is driving in a dark environment or at night.

11 8 Self-Destruct. In this they displayed a 60-second countdown on the Driver Information Center that would culminate in killing the engine and activating the door lock relay (preventing the occupant from using the electronic door unlock button). 5 Conclusions It seems that modern cars have not yet been designed with electronic security in mind. Car manufacturers have chosen to use standardized buses instead of one-off designs. This is a good thing for accessory business but good for possible hackers as well. The amount of electronic units inside a car has increased dramatically over the years and it seems that the trend is now to add wireless services to cars. This increases the surface that possible hackers can use to gain access to intra-car networks. The list of what can be achieved when the network is compromised seems quite exhaustive. Koscher et. al. [1] achieved to stop the engine while the car was running, lock the brakes so that they won't release their position even when powercycled and battery removed and disable brakes completely while the car was running. It was not assessed in the article how feasible these attacks would be in real life, but it demonstrated that they are feasible in theory at least. With the likely increase in wireless connections added to cars, it seems that this issue is something that will have to be addressed sooner or later.

12 9 Appendix A. Picture 2. Listing of CAN commands gathered. [1]. In these listings Manual Override indicates whether it is possible to override the effect manually, such as pulling a knob pushing on the brakes, etc. At Speed means that the effect was tested while the car was suspended on jack stands. Need to Unlock means

13 that in order to issue the command on the unit authentication was needed. Tested on Runway means that the effect was tested while running the car on an abandoned airstrip. 10

14 11 References [1] K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage. Experimental Security Analysis of a Modern Automobile. IEEE Symposium on Security and Privacy [2] Volvo Service 2.0 wegpage. [ ].

Security Analysis of modern Automobile

Security Analysis of modern Automobile Security Analysis of modern Automobile Dixit Verma Department of Electrical & Computer Engineering Missouri University of Science and Technology dv6cb@mst.edu 20 Apr 2017 Outline Introduction Attack Surfaces

More information

Experimental Security Analysis of a Modern Automobile

Experimental Security Analysis of a Modern Automobile Experimental Security Analysis of a Modern Automobile Matthias Lange TU Berlin June 29th, 2010 Matthias Lange (TU Berlin) Experimental Security Analysis of a Modern Automobile June 29th, 2010 1 / 16 Paper

More information

Adversary Models. CPEN 442 Introduction to Computer Security. Konstantin Beznosov

Adversary Models. CPEN 442 Introduction to Computer Security. Konstantin Beznosov Adversary Models CPEN 442 Introduction to Computer Security Konstantin Beznosov why we need adversary models? attacks and countermeasures are meaningless without 2 elements of an adversary model objectives

More information

University of Tartu. Research Seminar in Cryptography. Car Security. Supervisor: Dominique Unruh. Author: Tiina Turban

University of Tartu. Research Seminar in Cryptography. Car Security. Supervisor: Dominique Unruh. Author: Tiina Turban University of Tartu Research Seminar in Cryptography Car Security Author: Tiina Turban Supervisor: Dominique Unruh December 16, 2013 1 Introduction Cars these days are becoming more and more computerized.

More information

Vetting Browser Extensions for Security Vulnerabilities

Vetting Browser Extensions for Security Vulnerabilities Vetting Browser Extensions for Security Vulnerabilities Risto Sandvik Helsinki 28.3.2011 UNIVERSITY OF HELSINKI Faculty of Science Department of Computer Science HELSINGIN YLIOPISTO HELSINGFORS UNIVERSITET

More information

Some example UW security lab projects, related to emerging technologies. Tadayoshi Kohno CSE 484, University of Washington

Some example UW security lab projects, related to emerging technologies. Tadayoshi Kohno CSE 484, University of Washington Some example UW security lab projects, related to emerging technologies Tadayoshi Kohno CSE 484, University of Washington Wireless Implantable Medical Devices Computation and wireless capabilities lead

More information

Security Concerns in Automotive Systems. James Martin

Security Concerns in Automotive Systems. James Martin Security Concerns in Automotive Systems James Martin Main Questions 1. What sort of security vulnerabilities do modern cars face today? 2. To what extent are external attacks possible and practical? Background

More information

Modern Automotive Vulnerabilities: Causes, Disclosure & Outcomes Stefan Savage UC San Diego

Modern Automotive Vulnerabilities: Causes, Disclosure & Outcomes Stefan Savage UC San Diego Modern Automotive Vulnerabilities: Causes, Disclosure & Outcomes Stefan Savage UC San Diego Steve Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage (UCSD) Karl Koscher,

More information

Computer Security and the Internet of Things

Computer Security and the Internet of Things Computer Security and the Internet of Things Tadayoshi Kohno Computer Science & Engineering University of Washington At USENIX Enigma, January 2016 The Internet of Things Door Locks Thermostats Furnaces

More information

IT-Sicherheitsprüfverfahren im Automotive-Umfeld

IT-Sicherheitsprüfverfahren im Automotive-Umfeld Informationstag "Das Automobil als IT-Sicherheitsfall" Berlin, 11.05.2012 IT-Sicherheitsprüfverfahren im Automotive-Umfeld Markus Bartsch IT Security und IT Safety Security SECURITY Security Safety SAFETY

More information

Seminar report: DieHarder: Securing the heap

Seminar report: DieHarder: Securing the heap Seminar report: DieHarder: Securing the heap Otto Waltari Helsinki 4.4.2011 Seminar report UNIVERSITY OF HELSINKI Department of Computer science HELSINGIN YLIOPISTO HELSINGFORS UNIVERSITET UNIVERSITY OF

More information

Adversary Models. EECE 571B Computer Security. Konstantin Beznosov

Adversary Models. EECE 571B Computer Security. Konstantin Beznosov Adversary Models EECE 571B Computer Security Konstantin Beznosov 1 why we need adversary models?! attacks and countermeasures are meaningless without 2 2 elements of an adversary model! objectives! obtain

More information

Automotive Attack Surfaces. UCSD and University of Washington

Automotive Attack Surfaces. UCSD and University of Washington Automotive Attack Surfaces UCSD and University of Washington Current Automotive Environment Modern cars are run by tens of ECUs comprising millions of lines of code ECUs are well connected over internal

More information

Enforcement in Abstract Argumentation via Boolean Optimization

Enforcement in Abstract Argumentation via Boolean Optimization Enforcement in Abstract Argumentation via Boolean Optimization Andreas Niskanen MSc thesis University of Helsinki Department of Computer Science Helsinki, November 30, 2016 HELSINGIN YLIOPISTO HELSINGFORS

More information

Cybersecurity Challenges for Connected and Automated Vehicles. Robert W. Heller, Ph.D. Program Director R&D, Southwest Research Institute

Cybersecurity Challenges for Connected and Automated Vehicles. Robert W. Heller, Ph.D. Program Director R&D, Southwest Research Institute Cybersecurity Challenges for Connected and Automated Vehicles Robert W. Heller, Ph.D. Program Director R&D, Southwest Research Institute Cars are becoming complex (and CAV is only part of it) 1965: No

More information

Development of Intrusion Detection System for vehicle CAN bus cyber security

Development of Intrusion Detection System for vehicle CAN bus cyber security Development of Intrusion Detection System for vehicle CAN bus cyber security Anastasia Cornelio, Elisa Bragaglia, Cosimo Senni, Walter Nesci Technology Innovation - SSEC 14 Workshop Automotive SPIN Italia

More information

Automotive Anomaly Monitors and Threat Analysis in the Cloud

Automotive Anomaly Monitors and Threat Analysis in the Cloud Automotive Anomaly Monitors and Threat Analysis in the Cloud Dr. André Weimerskirch Vector Automotive Cyber Security Symposium October 12, 2017 Cybersecurity Components Secure Internal & External Communications

More information

Fault-tolerant and real-time CORBA

Fault-tolerant and real-time CORBA Date of acceptance Grade Instructor Fault-tolerant and real-time CORBA Mika Karlstedt Helsinki December 1, 2007 UNIVERSITY OF HELSINKI Department of Computer Science HELSINGIN YLIOPISTO HELSINGFORS UNIVERSITET

More information

PENETRATION TESTING OF AUTOMOTIVE DEVICES. Dr. Ákos Csilling Robert Bosch Kft., Budapest HUSTEF 15/11/2017

PENETRATION TESTING OF AUTOMOTIVE DEVICES. Dr. Ákos Csilling Robert Bosch Kft., Budapest HUSTEF 15/11/2017 PENETRATION TESTING OF AUTOMOTIVE DEVICES Dr. Ákos Csilling Robert Bosch Kft., Budapest HUSTEF 15/11/2017 Imagine your dream car 2 Image: 2017 ESCRYPT. Exemplary attack demonstration only. This is NOT

More information

CONTROLLER AREA NETWORK (CAN) DEEP PACKET INSPECTION. Görkem Batmaz, Systems Engineer Ildikó Pete, Systems Engineer 28 th March, 2018

CONTROLLER AREA NETWORK (CAN) DEEP PACKET INSPECTION. Görkem Batmaz, Systems Engineer Ildikó Pete, Systems Engineer 28 th March, 2018 CONTROLLER AREA NETWORK (CAN) DEEP PACKET INSPECTION Görkem Batmaz, Systems Engineer Ildikó Pete, Systems Engineer 28 th March, 2018 Car Hacking Immediately my accelerator stopped working. As I frantically

More information

How to Hack Your Mini Cooper: Reverse Engineering CAN Messages on Passenger Automobiles

How to Hack Your Mini Cooper: Reverse Engineering CAN Messages on Passenger Automobiles How to Hack Your Mini Cooper: Reverse Engineering CAN Messages on Passenger Automobiles Jason Staggs Who is this guy? Jason Staggs Graduate Research Assistant Institute for Information Security (isec)

More information

IoT device fingerprinting with sequence-based features

IoT device fingerprinting with sequence-based features Date of acceptance Grade Instructor IoT device fingerprinting with sequence-based features Nishadh Aluthge Helsinki December 12, 2017 UNIVERSITY OF HELSINKI Department of Computer Science HELSINGIN YLIOPISTO

More information

Performance Evaluation of Bloom Multifilters

Performance Evaluation of Bloom Multifilters Date of acceptance Grade Instructor Performance Evaluation of Bloom Multifilters Francesco Concas Helsinki December 7, 2017 UNIVERSITY OF HELSINKI Department of Computer Science HELSINGIN YLIOPISTO HELSINGFORS

More information

Uptane: Securely Updating Automobiles. Sam Weber NYU 14 June 2017

Uptane: Securely Updating Automobiles. Sam Weber NYU 14 June 2017 Uptane: Securely Updating Automobiles Sam Weber NYU samweber@nyu.edu 14 June 2017 Credits Funded by DHS S&T CSD Work done by New York University University of Michigan Transportation Research Institute

More information

ECUTEK ON INFINITI VR30

ECUTEK ON INFINITI VR30 ECUTEK ON INFINITI VR30 INTRODUCTION Welcome and thank you for being a customer of Visconti Tuning! This guide is broken into sections which you can jump around between by clicking on each of the chapters

More information

The implementation and performance of Chord

The implementation and performance of Chord The implementation and performance of Chord Kasperi Kaija Master s Thesis UNIVERSITY OF HELSINKI Department of Computer Science Helsinki, October 1, 2017 HELSINGIN YLIOPISTO HELSINGFORS UNIVERSITET UNIVERSITY

More information

Options for collision shops to perform scan services independently

Options for collision shops to perform scan services independently Scan Tool and Services Overview for Pre-and Post-scanning Overview: Pre-and Post-scanning solutions available today for collision diagnostics vary widely for applications and capabilities. Some tools or

More information

An Experimental Analysis of the SAE J1939 Standard

An Experimental Analysis of the SAE J1939 Standard Truck Hacking: An Experimental Analysis of the SAE J1939 Standard 10th USENIX Workshop On Offensive Technologies (WOOT 16) Liza Burakova, Bill Hass, Leif Millar & Andre Weimerskirch Are trucks more secure

More information

Preventing Cyber Attacks on Aftermarket Connectivity Solutions Zach Blumenstein, BD Director Argus Cyber Security

Preventing Cyber Attacks on Aftermarket Connectivity Solutions Zach Blumenstein, BD Director Argus Cyber Security Preventing Cyber Attacks on Aftermarket Connectivity Solutions Zach Blumenstein, BD Director Argus Cyber Security In less than a year, 100s of millions connected cars Aftermarket connectivity most prevalent

More information

Embedded Automotive Systems Security:

Embedded Automotive Systems Security: The 3 rd International Workshop on Safety and Security of Intelligent Vehicles (SSIV) June 26, 2017 Embedded Automotive Systems Security: A language-based Intrusion Detection Approach Mohamed Kaâniche

More information

Countermeasures against Cyber-attacks

Countermeasures against Cyber-attacks Countermeasures against Cyber-attacks Case of the Automotive Industry Agenda Automotive Basics ECU, domains, CAN Automotive Security Motivation, trends Hardware and Software Security EVITA, SHE, HSM Secure

More information

The Golf 2004 Electrical system

The Golf 2004 Electrical system Service Training Self-study programme 319 The Golf 2004 Electrical system Design and function The most striking change compared with the previous model is the rear lighting of the Golf 2004. The one-piece

More information

Autologic Technical Specifications JAGUAR

Autologic Technical Specifications JAGUAR Autologic Technical Specifications JAGUAR 1. JAGUAR PRODUCT DESCRIPTION The Autologic diagnostic tool for Jaguar vehicles is without doubt the most comprehensive tool to be made available to independent

More information

CONTROLLER AREA NETWORK AS THE SECURITY OF THE VEHICLES

CONTROLLER AREA NETWORK AS THE SECURITY OF THE VEHICLES INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & TECHNOLOGY (IJCET) Proceedings of the International Conference on Emerging Trends in Engineering and Management (ICETEM14) ISSN 0976 6367(Print) ISSN 0976

More information

Tools and processes for creating and maintaining own Linux based distributions in corporate environment

Tools and processes for creating and maintaining own Linux based distributions in corporate environment Tools and processes for creating and maintaining own Linux based distributions in corporate environment Juhani Heliö Helsinki April 28, 2017 UNIVERSITY OF HELSINKI Department of Computer Science HELSINGIN

More information

Information search in mobile opportunistic networks: extensions to seeker assisted search

Information search in mobile opportunistic networks: extensions to seeker assisted search Date of acceptance Grade Instructor Information search in mobile opportunistic networks: extensions to seeker assisted search Yiping Chen Helsinki September 16, 2014 UNIVERSITY OF HELSINKI Department of

More information

Fast and Vulnerable A Story of Telematic Failures

Fast and Vulnerable A Story of Telematic Failures Fast and Vulnerable A Story of Telematic Failures Center for Automotive Embedded Systems Security Ian Foster, Andrew Prudhomme, Karl Koscher, and Stefan Savage Telematic Control Units Connects to car s

More information

Securing the Connected Car. Eystein Stenberg CTO Mender.io

Securing the Connected Car. Eystein Stenberg CTO Mender.io Securing the Connected Car Eystein Stenberg CTO Mender.io The software defined car Electronics Telematics Infotainment Connected Assisted driving Autonomous Hardware enabled Software enabled Software defined

More information

Open source tools for Linux distribution development and maintenance in corporate environment

Open source tools for Linux distribution development and maintenance in corporate environment Date of acceptance Grade Instructor Open source tools for Linux distribution development and maintenance in corporate environment Niko Kortström Helsinki 22.05.2017 UNIVERSITY OF HELSINKI Department of

More information

Automobile Design and Implementation of CAN bus Protocol- A Review S. N. Chikhale Abstract- Controller area network (CAN) most researched

Automobile Design and Implementation of CAN bus Protocol- A Review S. N. Chikhale Abstract- Controller area network (CAN) most researched Automobile Design and Implementation of CAN bus Protocol- A Review S. N. Chikhale Abstract- Controller area network (CAN) most researched communication protocol used for automotive industries. Now we are

More information

Automotive Intrusion Detection Based on Constant CAN Message Frequencies Across Vehicle Driving Modes

Automotive Intrusion Detection Based on Constant CAN Message Frequencies Across Vehicle Driving Modes Automotive Intrusion Detection Based on Constant CAN Message Frequencies Across Vehicle Driving Modes Clinton Young Iowa State University Department of Electrical and Computer Engineering cwyoung@iastate.edu

More information

The modern car has 100 million lines of code and over half of new vehicles will be connected by 2020.

The modern car has 100 million lines of code and over half of new vehicles will be connected by 2020. Automotive The modern car has 100 million lines of code and over half of new vehicles will be connected by 2020. Cars are becoming increasingly connected through a range of wireless networks The increased

More information

Hardening Attack Vectors to cars by Fuzzing

Hardening Attack Vectors to cars by Fuzzing Hardening Attack Vectors to cars by Fuzzing AESIN 2015 Ashley Benn, Regional Sales manager 29 th October, 2015 2015 Synopsys, Inc. 1 Today, there are more than 100m lines of code in cars 2015 Synopsys,

More information

z/os Operating System Vulnerabilities ( )

z/os Operating System Vulnerabilities ( ) ARTICLE z/os Operating System Vulnerabilities (2013-2017) Cynthia Overby March 2, 2018 z/os Operating System Vulnerabilities (2013-2017) 01 Mainframe Integrity Vulnerabilities Key Resources, Inc. (KRI)

More information

Spork Installation Instructions

Spork Installation Instructions Table of Contents 1. Table of Contents 1 2. Requirements... 1 3. Bluetooth Connection Process 2 4. Software Installation... 3 5. Retrieving Spork s Serial Number... 4 6. Retrieving the ECU s ROM Calibration..

More information

U0001-CAN C BUS. Theory of Operation LX - CHRYSLER L V8 HEMI MDS V.V.T. (EZD)

U0001-CAN C BUS. Theory of Operation LX - CHRYSLER L V8 HEMI MDS V.V.T. (EZD) 9 - LX - CHRYSLER - 5.7L V8 HEMI MDS V.V.T. (EZD) U-CAN C BUS ACC ESM TPM ORC LRSM AHBM ITM RADIO AMP SDARV TCM WIN CAN C BUS VES DTCM PCM/ ECM SCM CAN B BUS HSM ABS DDM CAN C BUS PDM TIPM/CGW CAN B BUS

More information

Data Communication. Chapter # 5: Networking Threats. By: William Stalling

Data Communication. Chapter # 5: Networking Threats. By: William Stalling Data Communication Chapter # 5: By: Networking Threats William Stalling Risk of Network Intrusion Whether wired or wireless, computer networks are quickly becoming essential to everyday activities. Individuals

More information

Agenda. About TRL. What is the issue? Security Analysis. Consequences of a Cyber attack. Concluding remarks. Page 2

Agenda. About TRL. What is the issue? Security Analysis. Consequences of a Cyber attack. Concluding remarks. Page 2 Security Insert the Vulnerabilities title of your of the presentation Connected here Car Presented Presented by by Peter Name Vermaat Here Principal Job Title ITS - Date Consultant 24/06/2015 Agenda 1

More information

Physical-Fingerprinting of Electronic Control Unit (ECU) Based on Machine Learning Algorithm for In-Vehicle Network Communication Protocol CAN-BUS

Physical-Fingerprinting of Electronic Control Unit (ECU) Based on Machine Learning Algorithm for In-Vehicle Network Communication Protocol CAN-BUS Physical-Fingerprinting of Electronic Control Unit (ECU) Based on Machine Learning Algorithm for In-Vehicle Network Communication Protocol CAN-BUS by Omid Avatefipour A thesis submitted in partial fulfillment

More information

NAVIGATION/TELECOMMUNICATION - SERVICE INFORMATION

NAVIGATION/TELECOMMUNICATION - SERVICE INFORMATION 8T - 56 NAVIGATION/TELECOMMUNICATION - SERVICE INFORMATION LX NAVIGATION/TELECOMMUNICATION - SERVICE INFORMATION DESCRIPTION TELECOMMUNICATIONS The hands-free cellular system uses Bluetooth technology

More information

Securing the Connected Car. Eystein Stenberg Product Manager Mender.io

Securing the Connected Car. Eystein Stenberg Product Manager Mender.io Securing the Connected Car Eystein Stenberg Product Manager Mender.io The software defined car Electronics Telematics Infotainment Connected Assisted driving Autonomous Hardware enabled Software enabled

More information

Application. Diagnosing the dashboard by the CANcheck software. Introduction

Application. Diagnosing the dashboard by the CANcheck software. Introduction Diagnosing the dashboard by the CANcheck software Introduction In recent years, vehicle electronics technology improved and advances day by day. A great of advanced electronic technology has been applied

More information

PRE-ARRIVAL DESTINATION PREPARATION

PRE-ARRIVAL DESTINATION PREPARATION Technical Disclosure Commons Defensive Publications Series October 02, 2017 PRE-ARRIVAL DESTINATION PREPARATION Follow this and additional works at: http://www.tdcommons.org/dpubs_series Recommended Citation

More information

why we need adversary models? Adversary Models elements of an adversary model Dolev-Yao model attacks and countermeasures are meaningless without

why we need adversary models? Adversary Models elements of an adversary model Dolev-Yao model attacks and countermeasures are meaningless without why we need adversary models? attacks countermeasures are meaningless without Adversary Models CPEN 442 Introduction to Computer Security Konstantin Beznosov 2 elements of an adversary model objectives

More information

Chalmers Publication Library

Chalmers Publication Library Chalmers Publication Library Adapting Threat Modeling Methods for the Automotive Industry This document has been downloaded from Chalmers Publication Library (CPL). It is the author s version of a work

More information

Service Technical Resources MUT-III. (Multi-Use Tester-III*) Quick Reference Guide

Service Technical Resources MUT-III. (Multi-Use Tester-III*) Quick Reference Guide Service Technical Resources MUT-III (Multi-Use Tester-III*) Quick Reference Guide *Cart not included May, 2003 INTENDED USAGE OF MUT-III MUT-II role after MUT-III Launch MUT-III is an essential special

More information

Securing the Autonomous Automobile

Securing the Autonomous Automobile Securing the Autonomous Automobile Sridhar Iyengar Vice President, Intel Labs Intel Corporation CROSSING Conference May 15-17 2017 Legal Notices and disclaimers This presentation contains the general insights

More information

Automotive Gateway: A Key Component to Securing the Connected Car

Automotive Gateway: A Key Component to Securing the Connected Car Automotive : A Key Component to Securing the Connected Car Introduction Building vehicles with gateways electronic devices that enable secure and reliable communications among a vehicle s electronic systems

More information

Distributed Computing for the Internet of Things Using IoT Hubs

Distributed Computing for the Internet of Things Using IoT Hubs 4 i Date of acceptance Grade Instructor Distributed Computing for the Internet of Things Using IoT Hubs Janne Laukkanen Helsinki November 17, 2017 UNIVERSITY OF HELSINKI Department of Computer Science

More information

Experimental Security Assessment of BMW Cars: A Summary Report

Experimental Security Assessment of BMW Cars: A Summary Report Experimental Security Assessment of BMW Cars: A Summary Report 1. Introduction... 1 2. Research Description... 2 2.1 Infotainment System... 3 2.1.1 USB Interface... 5 2.1.2 E-NET over OBD-II... 6 2.1.3

More information

Linux in the connected car platform

Linux in the connected car platform Linux in the connected car platform Background Long time desktop Linux user Designed several capes for the BeagleBone Black Currently an Embedded engineer for Dialexa What is a connected car anyway? A

More information

Offense & Defense in IoT World. Samuel Lv Keen Security Lab, Tencent

Offense & Defense in IoT World. Samuel Lv Keen Security Lab, Tencent Offense & Defense in IoT World Samuel Lv Keen Security Lab, Tencent Keen Security Lab of Tencent Wide coverage of software and hardware security research Mainstream PC & Mobile Operating Systems Mainstream

More information

S e c u rity S o lu tio n s

S e c u rity S o lu tio n s 1 S e c u rity S o lu tio n s Introduction to security 2 Why Security Is Necessary? Following question may be familiar to some people Doing all that security is expensive and generates no money. Do we

More information

Pass4suresVCE. Pass4sures exam vce dumps for guaranteed success with high scores

Pass4suresVCE.   Pass4sures exam vce dumps for guaranteed success with high scores Pass4suresVCE http://www.pass4suresvce.com Pass4sures exam vce dumps for guaranteed success with high scores Exam : CS0-001 Title : CompTIA Cybersecurity Analyst (CySA+) Exam Vendor : CompTIA Version :

More information

ITS (Intelligent Transportation Systems) Solutions

ITS (Intelligent Transportation Systems) Solutions Special Issue Advanced Technologies and Solutions toward Ubiquitous Network Society ITS (Intelligent Transportation Systems) Solutions By Makoto MAEKAWA* Worldwide ITS goals for safety and environment

More information

Security of Safety-Critical Devices

Security of Safety-Critical Devices 1 Security of Safety-Critical Devices Frankie Catota and Adam Durity April 8, 2014 Outline Introduction Medical devices Risks Defense Approaches Perception Vehicle safety Other safety-critical areas Economics

More information

Architecture concepts in Body Control Modules

Architecture concepts in Body Control Modules Bitte decken Sie die schraffierte Fläche mit einem Bild ab. Please cover the shaded area with a picture. (24,4 x 11,0 cm) Course 7 www.continental-corporation.com Interior Body and Security Table Of Contents

More information

InControl INCONTROL OVERVIEW

InControl INCONTROL OVERVIEW INCONTROL OVERVIEW InControl uses smartphone and in-vehicle mobile technology, to remotely connect the vehicle to a number of services and convenience features. Note: For further information, access the

More information

ECUTEK ON NISSAN JUKE TURBO

ECUTEK ON NISSAN JUKE TURBO ECUTEK ON NISSAN JUKE TURBO INTRODUCTION Welcome and thank you for being a customer of Visconti Tuning! This guide is broken into sections which you can jump around between by clicking on each of the chapters

More information

Securing the future of mobility

Securing the future of mobility Kaspersky Transportation System Security AVL Software and Functions Securing the future of mobility www.kaspersky.com #truecybersecurity Securing the future of mobility Connected car benefits The need

More information

PREEvision Technical Article

PREEvision Technical Article PREEvision Technical Article AUTOSAR-Conformant Vehicle Diagnostics over : Developing Diagnostic Communications for E/E Systems The electronically controlled systems of modern vehicles are networked with

More information

2004 ACCESSORIES & EQUIPMENT. Data Link Communications - Corvette. Fastener Tightening Specifications Specification Application

2004 ACCESSORIES & EQUIPMENT. Data Link Communications - Corvette. Fastener Tightening Specifications Specification Application 2004 ACCESSORIES & EQUIPMENT Data Link Communications - Corvette SPECIFICATIONS FASTENER TIGHTENING SPECIFICATIONS Fastener Tightening Specifications Specification Application Metric English Data Link

More information

A Feature-Based Call Graph Distance Measure for Program Similarity Analysis

A Feature-Based Call Graph Distance Measure for Program Similarity Analysis A Feature-Based Call Graph Distance Measure for Program Similarity Analysis Simo Linkola Master s Thesis UNIVERSITY OF HELSINKI Department of Computer Science Helsinki, May 13, 2016 HELSINGIN YLIOPISTO

More information

Uptane. Securing Over-the-Air Updates Against Nation State Actors. Justin Cappos New York University

Uptane. Securing Over-the-Air Updates Against Nation State Actors. Justin Cappos New York University Uptane Securing Over-the-Air Updates Against Nation State Actors Justin Cappos New York University What do these companies have in common? What do these companies have in common? Users attacked via software

More information

A Beginner s Guide to Controller Area Network Bus Access in Modern Vehicles

A Beginner s Guide to Controller Area Network Bus Access in Modern Vehicles Kennesaw State University From the SelectedWorks of Kevin McFall November 15, 2016 A Beginner s Guide to Controller Area Network Bus Access in Modern Vehicles Kevin McFall, Kennesaw State University T.

More information

Car Hacking for Ethical Hackers

Car Hacking for Ethical Hackers Car Hacking for Ethical Hackers Dr. Bryson Payne, GPEN, CEH, CISSP UNG Center for Cyber Operations (CAE-CD) 2016-2021 Languages Leadership Cyber Why Car Hacking? Internet-connected and self-driving cars

More information

Aggregating services. Christoffer Björkskog. Helsinki February 13, 2008 Master s Thesis Chapter UNIVERSITY OF HELSINKI Department of Computer Science

Aggregating services. Christoffer Björkskog. Helsinki February 13, 2008 Master s Thesis Chapter UNIVERSITY OF HELSINKI Department of Computer Science Aggregating services Christoffer Björkskog Helsinki February 13, 2008 Master s Thesis Chapter UNIVERSITY OF HELSINKI Department of Computer Science HELSINGIN YLIOPISTO HELSINGFORS UNIVERSITET UNIVERSITY

More information

MATLAB Expo Simulation Based Automotive Communication Design using MATLAB- SimEvent. Sudhakaran M Anand H General Motors

MATLAB Expo Simulation Based Automotive Communication Design using MATLAB- SimEvent. Sudhakaran M Anand H General Motors MATLAB Expo 2013 Simulation Based Automotive Communication Design using MATLAB- SimEvent Sudhakaran M Anand H General Motors 1 Agenda Introduction Different Analysis Methods Analytical vs. Simulation Approach

More information

Automotive Cybersecurity: Why is it so Difficult? Steven W. Dellenback, Ph.D. Vice President R&D Intelligent Systems Division

Automotive Cybersecurity: Why is it so Difficult? Steven W. Dellenback, Ph.D. Vice President R&D Intelligent Systems Division Automotive Cybersecurity: Why is it so Difficult? Steven W. Dellenback, Ph.D. Vice President R&D Intelligent Systems Division Cybersecurity is not one Entry Point Four Major Aspects of Cybersecurity How

More information

The Touran Electrical system

The Touran Electrical system Service. Self-study programme 307 The Touran Electrical system Design and function The networking technology, used until now only in luxury class vehicles, will be a feature in compact vans, such as the

More information

Resistance Is Futile Electronics Are on the Rise Electronic Control Units and Communication Protocols

Resistance Is Futile Electronics Are on the Rise Electronic Control Units and Communication Protocols Electronic Control Units and Communication Protocols April 2009 PREPARED BY: IHS Global Insight, Inc. Electronics content in cars has been steadily increasing since as far back as the early 1970s, starting

More information

Infotainment Manual Model Year 2013 Edition: May 2012 TS 1686-A-13. VAUXHALL Vivaro

Infotainment Manual Model Year 2013 Edition: May 2012 TS 1686-A-13. VAUXHALL Vivaro Infotainment Manual Model Year 2013 Edition: May 2012 TS 1686-A-13 VAUXHALL Vivaro 0-1 Infotainment Manual Model Year 2013 Edition: May 2012 TS 1686-A-13 Contents Introduction... 2 Radio... 28 CD Player...

More information

Connected Car Solutions Based on IoT

Connected Car Solutions Based on IoT FEATURED ARTICLES Autonomous Driving Technology for Connected Cars Connected Car Solutions Based on IoT With the aim of achieving a prosperous society in which people and vehicles exist in harmony, the

More information

1. REMOVE BACK COVER 2. INSERT SIM CARDS AND MEMORY CARD

1. REMOVE BACK COVER 2. INSERT SIM CARDS AND MEMORY CARD QUICK START GUIDE 1. REMOVE BACK COVER 2. INSERT SIM CARDS AND MEMORY CARD 3. INSERT BATTERY 4. CHARGE FOR 8 HOURS BEFORE TURNING ON. 5. TURN CELL PHONE ON AND WAIT FOR INITIAL SETUP 6. MULTIMEDIA PLAYER

More information

Green Lights Forever: Analyzing the Security of Traffic Infrastructure

Green Lights Forever: Analyzing the Security of Traffic Infrastructure Green Lights Forever: Analyzing the Security of Traffic Infrastructure RAJSHAKHAR PAUL Outline Introduction Anatomy of a Traffic Infrastructure Case Study Threat Model Types of Attack Recommendation Broader

More information

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 5 Host, Application, and Data Security

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 5 Host, Application, and Data Security Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 5 Host, Application, and Data Security Objectives List the steps for securing a host computer Define application security Explain

More information

Technical Service Bulletin

Technical Service Bulletin 37 Transmission shudders on acceleration 24 10 12 2022600/1 March 30, 2010 Model(s) Year VIN Range Vehicle-Specific Equipment A4 2009 2010 All A5 2009 2010 All 2.0 TFSI and 0AW Gearbox Condition Vehicle

More information

Using Blockchain Technology and Smart Contracts for Access Management in IoT devices

Using Blockchain Technology and Smart Contracts for Access Management in IoT devices Date of acceptance Grade Instructor : Prof. Sasu Tarkoma Advisor : Oscar Novo Using Blockchain Technology and Smart Contracts for Access Management in IoT devices Rupsha Bagchi Helsinki May 8, 2017 UNIVERSITY

More information

Who is riding the Bus?

Who is riding the Bus? 1 of 5 12/17/2005 9:55 AM Who is riding the Bus? Let's look into the mysterious world of body and chassis controllers and the way they communicate with each other. In this article we will look at the different

More information

Field Classification, Modeling and Anomaly Detection in Unknown CAN Bus Networks

Field Classification, Modeling and Anomaly Detection in Unknown CAN Bus Networks Field Classification, Modeling and Anomaly Detection in Unknown CAN Bus Networks Moti Markovitz Tel Aviv University motimark@gmail.com Avishai Wool Tel Aviv University yash@eng.tau.ac.il October 13, 2015

More information

Mobile Security Fall 2013

Mobile Security Fall 2013 Mobile Security 14-829 Fall 2013 Patrick Tague Class #6 More WiFi Security & Privacy Issues WiFi Security Issues A Scenario Internet Open AP SSID Network X Open OpenAP AP SSID Attacker Network X LaptopLaptop

More information

IMPORTANT NOTICES... 3 SAFETY PRECAUTIONS... 4

IMPORTANT NOTICES... 3 SAFETY PRECAUTIONS... 4 CONTENTS IMPORTANT NOTICES........................................ 3 SAFETY PRECAUTIONS....................................... 4 Introduction...........................................5 Datastream............................................6

More information

The case for a Vehicle Gateway.

The case for a Vehicle Gateway. The case for a Vehicle Gateway. Equipment and Tool Institute ETI-ToolTech_2015_Gateway.pptx 1 Vehicle Data Access Last year we proposed a Vehicle Station Gateway and its associated Unified Gateway Protocol

More information

Minds.com Platform Full Disclosure

Minds.com Platform Full Disclosure 18/06/15 security@voidsec.com Minds.com Platform Full Disclosure Performers: Paolo Stagno ( aka voidsec voidsec@voidsec.com ) Luca Poletti ( aka kalup kalup@voidsec.com ) 1 18/06/15 security@voidsec.com

More information

Infotainment. file://c:\program Files\cosids\DATA\TMP\ rtf.html

Infotainment. file://c:\program Files\cosids\DATA\TMP\ rtf.html Page 1 of 12 Infotainment All Infotainment components communicate via the MS CAN bus. The main unit of the Infotainment system is always a radio (EHU - Entertainment Head Unit), which, depending on the

More information

CompTIA Security+(2008 Edition) Exam

CompTIA Security+(2008 Edition) Exam http://www.51- pass.com Exam : SY0-201 Title : CompTIA Security+(2008 Edition) Exam Version : Demo 1 / 7 1.An administrator is explaining the conditions under which penetration testing is preferred over

More information

Through the years we ve come

Through the years we ve come A Closer Look at Vehicle Data Communications A Closer Look at Vehicle Data Communications by Steve Garrett members.atra.com Through the years we ve come to depend on the information we can collect with

More information

TECHNICAL SERVICE BULLETIN

TECHNICAL SERVICE BULLETIN GROUP ELE NUMBER MODEL 2014MY Soul (PS) DATE 058 March 2014 TECHNICAL SERVICE BULLETIN SERVICE ACTION: BCM UPGRADE - IPM LOGIC This bulletin provides information related to the reprogramming of the Body

More information

Lossless Differential Compression for Synchronizing Arbitrary Single- Dimensional Strings

Lossless Differential Compression for Synchronizing Arbitrary Single- Dimensional Strings Date of acceptance Grade 6 th November, 2012 ECLA Instructor Sasu Tarkoma Lossless Differential Compression for Synchronizing Arbitrary Single- Dimensional Strings Jari Karppanen Helsinki, September 20

More information

13-Oct-2012 Security related parts and Vehicle Interfaces

13-Oct-2012 Security related parts and Vehicle Interfaces 13-Oct-2012 Security related parts and Vehicle Interfaces Robert Beckmann President Beckmann Technologies & BlueLink Diagnostic Solutions Member NASTF VSC First generation security systems Simple signal

More information