Comprehensive experimental analyses of automotive attack surfaces

Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage, Karl Koscher, Alexei Czeskis, Franziska Roesner, Tadayoshi Kohno

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Abstract

    Modern automobiles are pervasively computerized, and hence potentially vulnerable to attack. However, while previous research has shown that the internal networks within some modern cars are insecure, the associated threat model-requiring prior physical access-has justifiably been viewed as unrealistic. Thus, it remains an open question if automobiles can also be susceptible to remote compromise. Our work seeks to put this question to rest by systematically analyzing the external attack surface of a modern automobile. We discover that remote exploitation is feasible via a broad range of attack vectors (including mechanics tools, CD players, Bluetooth and cellular radio), and further, that wireless communications channels allow long distance vehicle control, location tracking, in-cabin audio exfiltration and theft. Finally, we discuss the structural characteristics of the automotive ecosystem that give rise to such problems and highlight the practical challenges in mitigating them.

    Original languageEnglish (US)
    Title of host publicationProceedings of the 20th USENIX Security Symposium
    PublisherUSENIX Association
    Pages77-92
    Number of pages16
    ISBN (Electronic)9781931971874
    StatePublished - Jan 1 2011
    Event20th USENIX Security Symposium - San Francisco, United States
    Duration: Aug 8 2011Aug 12 2011

    Publication series

    NameProceedings of the 20th USENIX Security Symposium

    Conference

    Conference20th USENIX Security Symposium
    CountryUnited States
    CitySan Francisco
    Period8/8/118/12/11

    Fingerprint

    Automobiles
    Compact disk players
    Bluetooth
    Ecosystems
    Mechanics
    Railroad cars

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Information Systems
    • Safety, Risk, Reliability and Quality

    Cite this

    Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S., ... Kohno, T. (2011). Comprehensive experimental analyses of automotive attack surfaces. In Proceedings of the 20th USENIX Security Symposium (pp. 77-92). (Proceedings of the 20th USENIX Security Symposium). USENIX Association.

    Comprehensive experimental analyses of automotive attack surfaces. / Checkoway, Stephen; McCoy, Damon; Kantor, Brian; Anderson, Danny; Shacham, Hovav; Savage, Stefan; Koscher, Karl; Czeskis, Alexei; Roesner, Franziska; Kohno, Tadayoshi.

    Proceedings of the 20th USENIX Security Symposium. USENIX Association, 2011. p. 77-92 (Proceedings of the 20th USENIX Security Symposium).

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Checkoway, S, McCoy, D, Kantor, B, Anderson, D, Shacham, H, Savage, S, Koscher, K, Czeskis, A, Roesner, F & Kohno, T 2011, Comprehensive experimental analyses of automotive attack surfaces. in Proceedings of the 20th USENIX Security Symposium. Proceedings of the 20th USENIX Security Symposium, USENIX Association, pp. 77-92, 20th USENIX Security Symposium, San Francisco, United States, 8/8/11.
    Checkoway S, McCoy D, Kantor B, Anderson D, Shacham H, Savage S et al. Comprehensive experimental analyses of automotive attack surfaces. In Proceedings of the 20th USENIX Security Symposium. USENIX Association. 2011. p. 77-92. (Proceedings of the 20th USENIX Security Symposium).
    Checkoway, Stephen ; McCoy, Damon ; Kantor, Brian ; Anderson, Danny ; Shacham, Hovav ; Savage, Stefan ; Koscher, Karl ; Czeskis, Alexei ; Roesner, Franziska ; Kohno, Tadayoshi. / Comprehensive experimental analyses of automotive attack surfaces. Proceedings of the 20th USENIX Security Symposium. USENIX Association, 2011. pp. 77-92 (Proceedings of the 20th USENIX Security Symposium).
    @inproceedings{3dcd75c8652841af97cdce61d5a2f8a6,
    title = "Comprehensive experimental analyses of automotive attack surfaces",
    abstract = "Modern automobiles are pervasively computerized, and hence potentially vulnerable to attack. However, while previous research has shown that the internal networks within some modern cars are insecure, the associated threat model-requiring prior physical access-has justifiably been viewed as unrealistic. Thus, it remains an open question if automobiles can also be susceptible to remote compromise. Our work seeks to put this question to rest by systematically analyzing the external attack surface of a modern automobile. We discover that remote exploitation is feasible via a broad range of attack vectors (including mechanics tools, CD players, Bluetooth and cellular radio), and further, that wireless communications channels allow long distance vehicle control, location tracking, in-cabin audio exfiltration and theft. Finally, we discuss the structural characteristics of the automotive ecosystem that give rise to such problems and highlight the practical challenges in mitigating them.",
    author = "Stephen Checkoway and Damon McCoy and Brian Kantor and Danny Anderson and Hovav Shacham and Stefan Savage and Karl Koscher and Alexei Czeskis and Franziska Roesner and Tadayoshi Kohno",
    year = "2011",
    month = "1",
    day = "1",
    language = "English (US)",
    series = "Proceedings of the 20th USENIX Security Symposium",
    publisher = "USENIX Association",
    pages = "77--92",
    booktitle = "Proceedings of the 20th USENIX Security Symposium",

    }

    TY - GEN

    T1 - Comprehensive experimental analyses of automotive attack surfaces

    AU - Checkoway, Stephen

    AU - McCoy, Damon

    AU - Kantor, Brian

    AU - Anderson, Danny

    AU - Shacham, Hovav

    AU - Savage, Stefan

    AU - Koscher, Karl

    AU - Czeskis, Alexei

    AU - Roesner, Franziska

    AU - Kohno, Tadayoshi

    PY - 2011/1/1

    Y1 - 2011/1/1

    N2 - Modern automobiles are pervasively computerized, and hence potentially vulnerable to attack. However, while previous research has shown that the internal networks within some modern cars are insecure, the associated threat model-requiring prior physical access-has justifiably been viewed as unrealistic. Thus, it remains an open question if automobiles can also be susceptible to remote compromise. Our work seeks to put this question to rest by systematically analyzing the external attack surface of a modern automobile. We discover that remote exploitation is feasible via a broad range of attack vectors (including mechanics tools, CD players, Bluetooth and cellular radio), and further, that wireless communications channels allow long distance vehicle control, location tracking, in-cabin audio exfiltration and theft. Finally, we discuss the structural characteristics of the automotive ecosystem that give rise to such problems and highlight the practical challenges in mitigating them.

    AB - Modern automobiles are pervasively computerized, and hence potentially vulnerable to attack. However, while previous research has shown that the internal networks within some modern cars are insecure, the associated threat model-requiring prior physical access-has justifiably been viewed as unrealistic. Thus, it remains an open question if automobiles can also be susceptible to remote compromise. Our work seeks to put this question to rest by systematically analyzing the external attack surface of a modern automobile. We discover that remote exploitation is feasible via a broad range of attack vectors (including mechanics tools, CD players, Bluetooth and cellular radio), and further, that wireless communications channels allow long distance vehicle control, location tracking, in-cabin audio exfiltration and theft. Finally, we discuss the structural characteristics of the automotive ecosystem that give rise to such problems and highlight the practical challenges in mitigating them.

    UR - http://www.scopus.com/inward/record.url?scp=85061034567&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=85061034567&partnerID=8YFLogxK

    M3 - Conference contribution

    AN - SCOPUS:85061034567

    T3 - Proceedings of the 20th USENIX Security Symposium

    SP - 77

    EP - 92

    BT - Proceedings of the 20th USENIX Security Symposium

    PB - USENIX Association

    ER -