Comprehensive experimental analyses of automotive attack surfaces

Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage, Karl Koscher, Alexei Czeskis, Franziska Roesner, Tadayoshi Kohno

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Abstract

    Modern automobiles are pervasively computerized, and hence potentially vulnerable to attack. However, while previous research has shown that the internal networks within some modern cars are insecure, the associated threat model-requiring prior physical access-has justifiably been viewed as unrealistic. Thus, it remains an open question if automobiles can also be susceptible to remote compromise. Our work seeks to put this question to rest by systematically analyzing the external attack surface of a modern automobile. We discover that remote exploitation is feasible via a broad range of attack vectors (including mechanics tools, CD players, Bluetooth and cellular radio), and further, that wireless communications channels allow long distance vehicle control, location tracking, in-cabin audio exfiltration and theft. Finally, we discuss the structural characteristics of the automotive ecosystem that give rise to such problems and highlight the practical challenges in mitigating them.

    Original languageEnglish (US)
    Title of host publicationProceedings of the 20th USENIX Security Symposium
    PublisherUSENIX Association
    Pages77-92
    Number of pages16
    ISBN (Electronic)9781931971874
    StatePublished - Jan 1 2011
    Event20th USENIX Security Symposium - San Francisco, United States
    Duration: Aug 8 2011Aug 12 2011

    Publication series

    NameProceedings of the 20th USENIX Security Symposium

    Conference

    Conference20th USENIX Security Symposium
    CountryUnited States
    CitySan Francisco
    Period8/8/118/12/11

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Information Systems
    • Safety, Risk, Reliability and Quality

    Fingerprint Dive into the research topics of 'Comprehensive experimental analyses of automotive attack surfaces'. Together they form a unique fingerprint.

  • Cite this

    Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S., Koscher, K., Czeskis, A., Roesner, F., & Kohno, T. (2011). Comprehensive experimental analyses of automotive attack surfaces. In Proceedings of the 20th USENIX Security Symposium (pp. 77-92). (Proceedings of the 20th USENIX Security Symposium). USENIX Association.