Experimental Security Analysis of a Modern Automobile

Experimental Security Analysis of a Modern Automobile
Matthias Lange, TU Berlin
June 29th, 2010

Paper Info
  Karl Koscher, Alexei Czeskis, Franziska Roesner, Shwetak Patel, and Tadayoshi Kohno (University of Washington)
  Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, and Stefan Savage (University of California, San Diego)
  Published in the 2010 IEEE Symposium on Security and Privacy

Outline
  1. Introduction
  2. Automotive Embedded Systems
  3. Threat Model
  4. Security Analysis
  5. Results
  6. Discussion

Introduction
  - automobile remained static for 80 years
      - gasoline engine
      - four wheels
      - familiar user interface
  - today many computers coordinate and monitor sensors
      - 100MB of binary code spread over 50-70 ECUs

Goals
  - safety
      - Anti-lock Brake System
  - standard access through OBD-port
  - value added features
      - automatic crash response
      - remote diagnostics
      - stolen vehicle recovery
  - future: App Store

Consequences
  New Threats: Computerized environments bring a new array of potential threats.
  New Attack Vectors: This trend will open a wide range of attack vectors for attackers.

Automotive Embedded Systems
  - ECUs found in cars since late 70s
      - partly due to legislation
  - complex interactions between ECUs
      - Electronic Stability Control
      - steer-by-wire
  - Interconnection
      - past: bilateral physical wire
      - today: digital buses like CAN and FlexRay

Connectivity
  - high speed bus for real-time telemetry
  - low speed bus for binary actuators
  - buses are bridged
  - cellular based uplinks
      - remote unlock
      - track car location
      - remote stop

Threat Model
  Purpose: What can an attacker do if she is able to maliciously communicate on the car's internal network?
  - analysis of attack surface intentionally left blank
      - through wireless interfaces
      - OBD-port
      - malicious component

Experimental Setup
  Bench: Physically extracted hardware hooked up to a power supply, CAN-to-USB converter and an oscilloscope.
  Stationary car: Car elevated on jack stands, laptop connected to OBD-port.
  On the road: Experimented with car at speed on a de-commissioned airport with wireless control.
  CarShark: A custom CAN bus analyzer and packet injection tool.

CAN Security Challenges
  Broadcast: Packets are broadcast to all nodes.
  DoS: Packet flooding attack; priority-based arbitration allows a node to assert the dominant state indefinitely.
  No Authentication: Packets do not contain any source identifier.
  Weak access control: Challenge-response sequence to protect ECU against certain actions without authorization.
  Firmware Updates: Malicious firmware updates.
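The arbitration rule behind the DoS item on this slide, together with a simple bus-share check a monitoring node could run, as an added example that is not from the talk or the paper. The function names and the sample identifiers used with them are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define CAN_ID_BITS 11  /* identifier width of a standard (base) frame */

/* Bitwise arbitration: every contender drives its identifier MSB first.
 * The bus is a wired-AND, so a dominant 0 overrides a recessive 1, and a
 * node that sent 1 but reads 0 backs off. Returns the index of the winner,
 * or -1 for an empty or oversized set. Assumes identifiers are unique. */
int arbitrate(const uint16_t *ids, size_t n) {
    uint8_t active[32] = {0};
    if (n == 0 || n > 32) return -1;
    for (size_t i = 0; i < n; i++) active[i] = 1;
    for (int bit = CAN_ID_BITS - 1; bit >= 0; bit--) {
        int bus = 1;  /* recessive unless some node drives dominant */
        for (size_t i = 0; i < n; i++)
            if (active[i] && !((ids[i] >> bit) & 1)) bus = 0;
        for (size_t i = 0; i < n; i++)
            if (active[i] && ((ids[i] >> bit) & 1) && bus == 0) active[i] = 0;
    }
    for (size_t i = 0; i < n; i++)
        if (active[i]) return (int)i;
    return -1;
}

/* Monitoring side: percentage of the last n frame slots won by one single
 * identifier. A sustained value near 100 for a high-priority identifier
 * means lower-priority traffic is being starved. */
unsigned top_id_share_pct(const uint16_t *winners, size_t n, uint16_t *top_id) {
    unsigned best = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned count = 0;
        for (size_t j = 0; j < n; j++)
            if (winners[j] == winners[i]) count++;
        if (count > best) { best = count; *top_id = winners[i]; }
    }
    return n ? best * 100u / (unsigned)n : 0;
}
```

Because the frame carries no source identifier, such a monitor can only report which identifier dominates the bus, not which node is sending it.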

Deviations from Standards
  - standards prescribe risk mitigation with which components should comply

  Disable Communication
    Required: reject disabling CAN communication when it is unsafe
    Result: failed, communication disabled while car wheels moving

  Reflashing ECU While Driving
    Required: reject reflashing when it is unsafe
    Result: failed, firmware reflashed while car wheels moving, engine stopped

  Noncompliant Access Control
    Required: safety functionality must be protected by challenge response and unsafe DeviceControl must be denied
    Result: failed, hardcoded key pair for ALL units, result not used at all, brakes released while car in motion

  Network Segregation
    Required: gateway between low- and high-speed bus must only be reprogrammable from the high-speed bus
    Result: failed, some bridge devices only reprogrammable from low-speed bus, malicious code may access high-speed bus
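The four requirements on the Deviations from Standards slide, written as the request gate an ECU would have to enforce; this is an added example, not code from the talk, the paper or any vendor. All type and function names are hypothetical, and treating "unsafe" as "wheels moving or engine running" is an assumption.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical request classes, one per check on the slide. */
typedef enum { REQ_DISABLE_COMMS, REQ_REFLASH, REQ_DEVICE_CONTROL } req_t;
typedef enum { BUS_LOW_SPEED, BUS_HIGH_SPEED } bus_t;
typedef enum { ALLOW, DENY_UNSAFE_STATE, DENY_LOCKED, DENY_WRONG_BUS } verdict_t;

typedef struct {
    uint16_t wheel_speed_kph;  /* from the ECU's own sensor input */
    bool engine_running;
    bool is_gateway;           /* bridges low- and high-speed bus */
    bool unlocked;             /* set only by check_response() */
} ecu_state_t;

/* Constant-time comparison so timing does not reveal matching bytes. */
static bool ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* expected: the response this unit derived from its own per-unit key
 * (derivation not shown). The outcome is stored and enforced below,
 * unlike the "result not used at all" finding. */
bool check_response(ecu_state_t *s, const uint8_t *expected,
                    const uint8_t *got, size_t n) {
    s->unlocked = (n > 0) && ct_equal(expected, got, n);
    return s->unlocked;
}

verdict_t authorize(const ecu_state_t *s, req_t req, bus_t origin,
                    bool safety_critical) {
    bool moving = s->wheel_speed_kph > 0;
    switch (req) {
    case REQ_DISABLE_COMMS:            /* never go silent while moving */
        if (moving) return DENY_UNSAFE_STATE;
        break;
    case REQ_REFLASH:                  /* assumption: also needs engine off */
        if (moving || s->engine_running) return DENY_UNSAFE_STATE;
        if (s->is_gateway && origin != BUS_HIGH_SPEED) return DENY_WRONG_BUS;
        if (!s->unlocked) return DENY_LOCKED;
        break;
    case REQ_DEVICE_CONTROL:           /* unsafe control denied outright */
        if (safety_critical && moving) return DENY_UNSAFE_STATE;
        if (safety_critical && !s->unlocked) return DENY_LOCKED;
        break;
    }
    return ALLOW;
}
```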

Attack Methodology
  - Packet sniffing and targeted probing with CarShark
  - Fuzzing, aid in reverse engineering
  - Reverse engineering with IDA Pro

Results
  - control of radio, disable user control, increase volume, clicks and chimes etc.
  - display arbitrary messages on the instrument panel cluster
  - honk the horn, lock doors, shoot windshield fluids etc.
  - boost engine RPM, disturb engine timing, disable all cylinders, forge airbag deployed
  - lock individual brakes (even resistant), release brakes, prevent enabling of brakes
  - turn on/off fans and AC
  - disabling communication led to a reported speed of 0 mph, arbitrary offset to reported speed
  - lights out, self destruct, self wiping code

Pwned

Discussion
  - Manufacturers unaware of security issues?
  - How to handle complexity?
  - Can a microkernel system consolidating different ECUs help solve some issues with CAN?