Experimental security analysis of a modern automobile

Karl Koscher, Alexei Czeskis, Franziska Roesner, Shwetak Patel, Tadayoshi Kohno, Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Snachám, Stefan Savage

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Abstract

    Modern automobiles are no longer mere mechanical devices; they are pervasively monitored and controlled by dozens of digital computers coordinated via internal vehicular networks. While this transformation has driven major advancements in efficiency and safety, it has also introduced a range of new potential risks. In this paper we experimentally evaluate these issues on a modern automobile and demonstrate the fragility of the underlying system structure. We demonstrate that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems. Over a range of experiments, both in the lab and in road tests, we demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input - including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on. We find that it is possible to bypass rudimentary network security protections within the car, such as maliciously bridging between our car's two internal subnets. We also present composite attacks that leverage individual weaknesses, including an attack that embeds malicious code in a car's telematics unit and that will completely erase any evidence of its presence after a crash. Looking forward, we discuss the complex challenges in addressing these vulnerabilities while considering the existing automotive ecosystem.

    Original languageEnglish (US)
    Title of host publication2010 IEEE Symposium on Security and Privacy, SP 2010 - Proceedings
    Pages447-462
    Number of pages16
    DOIs
    StatePublished - 2010
    Event31st IEEE Symposium on Security and Privacy, SP 2010 - Berkeley/Oakland, CA, United States
    Duration: May 16 2010May 18 2010

    Other

    Other31st IEEE Symposium on Security and Privacy, SP 2010
    CountryUnited States
    CityBerkeley/Oakland, CA
    Period5/16/105/18/10

    Fingerprint

    Automobiles
    Railroad cars
    Network security
    Digital computers
    Braking
    Brakes
    Ecosystems
    Wheels
    Engines
    Composite materials
    Experiments

    Keywords

    • Automobiles
    • Communication standards
    • Communication system security
    • Computer security
    • Data buses

    ASJC Scopus subject areas

    • Safety, Risk, Reliability and Quality
    • Software
    • Computer Networks and Communications

    Cite this

    Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., ... Savage, S. (2010). Experimental security analysis of a modern automobile. In 2010 IEEE Symposium on Security and Privacy, SP 2010 - Proceedings (pp. 447-462). [5504804] https://doi.org/10.1109/SP.2010.34

    Experimental security analysis of a modern automobile. / Koscher, Karl; Czeskis, Alexei; Roesner, Franziska; Patel, Shwetak; Kohno, Tadayoshi; Checkoway, Stephen; McCoy, Damon; Kantor, Brian; Anderson, Danny; Snachám, Hovav; Savage, Stefan.

    2010 IEEE Symposium on Security and Privacy, SP 2010 - Proceedings. 2010. p. 447-462 5504804.

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Koscher, K, Czeskis, A, Roesner, F, Patel, S, Kohno, T, Checkoway, S, McCoy, D, Kantor, B, Anderson, D, Snachám, H & Savage, S 2010, Experimental security analysis of a modern automobile. in 2010 IEEE Symposium on Security and Privacy, SP 2010 - Proceedings., 5504804, pp. 447-462, 31st IEEE Symposium on Security and Privacy, SP 2010, Berkeley/Oakland, CA, United States, 5/16/10. https://doi.org/10.1109/SP.2010.34
    Koscher K, Czeskis A, Roesner F, Patel S, Kohno T, Checkoway S et al. Experimental security analysis of a modern automobile. In 2010 IEEE Symposium on Security and Privacy, SP 2010 - Proceedings. 2010. p. 447-462. 5504804 https://doi.org/10.1109/SP.2010.34
    Koscher, Karl ; Czeskis, Alexei ; Roesner, Franziska ; Patel, Shwetak ; Kohno, Tadayoshi ; Checkoway, Stephen ; McCoy, Damon ; Kantor, Brian ; Anderson, Danny ; Snachám, Hovav ; Savage, Stefan. / Experimental security analysis of a modern automobile. 2010 IEEE Symposium on Security and Privacy, SP 2010 - Proceedings. 2010. pp. 447-462
    @inproceedings{bf5a63f7ad3e40d39e7c126d77852622,
    title = "Experimental security analysis of a modern automobile",
    abstract = "Modern automobiles are no longer mere mechanical devices; they are pervasively monitored and controlled by dozens of digital computers coordinated via internal vehicular networks. While this transformation has driven major advancements in efficiency and safety, it has also introduced a range of new potential risks. In this paper we experimentally evaluate these issues on a modern automobile and demonstrate the fragility of the underlying system structure. We demonstrate that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems. Over a range of experiments, both in the lab and in road tests, we demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input - including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on. We find that it is possible to bypass rudimentary network security protections within the car, such as maliciously bridging between our car's two internal subnets. We also present composite attacks that leverage individual weaknesses, including an attack that embeds malicious code in a car's telematics unit and that will completely erase any evidence of its presence after a crash. Looking forward, we discuss the complex challenges in addressing these vulnerabilities while considering the existing automotive ecosystem.",
    keywords = "Automobiles, Communication standards, Communication system security, Computer security, Data buses",
    author = "Karl Koscher and Alexei Czeskis and Franziska Roesner and Shwetak Patel and Tadayoshi Kohno and Stephen Checkoway and Damon McCoy and Brian Kantor and Danny Anderson and Hovav Snach{\'a}m and Stefan Savage",
    year = "2010",
    doi = "10.1109/SP.2010.34",
    language = "English (US)",
    isbn = "9780769540351",
    pages = "447--462",
    booktitle = "2010 IEEE Symposium on Security and Privacy, SP 2010 - Proceedings",

    }

    TY - GEN

    T1 - Experimental security analysis of a modern automobile

    AU - Koscher, Karl

    AU - Czeskis, Alexei

    AU - Roesner, Franziska

    AU - Patel, Shwetak

    AU - Kohno, Tadayoshi

    AU - Checkoway, Stephen

    AU - McCoy, Damon

    AU - Kantor, Brian

    AU - Anderson, Danny

    AU - Snachám, Hovav

    AU - Savage, Stefan

    PY - 2010

    Y1 - 2010

    N2 - Modern automobiles are no longer mere mechanical devices; they are pervasively monitored and controlled by dozens of digital computers coordinated via internal vehicular networks. While this transformation has driven major advancements in efficiency and safety, it has also introduced a range of new potential risks. In this paper we experimentally evaluate these issues on a modern automobile and demonstrate the fragility of the underlying system structure. We demonstrate that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems. Over a range of experiments, both in the lab and in road tests, we demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input - including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on. We find that it is possible to bypass rudimentary network security protections within the car, such as maliciously bridging between our car's two internal subnets. We also present composite attacks that leverage individual weaknesses, including an attack that embeds malicious code in a car's telematics unit and that will completely erase any evidence of its presence after a crash. Looking forward, we discuss the complex challenges in addressing these vulnerabilities while considering the existing automotive ecosystem.

    AB - Modern automobiles are no longer mere mechanical devices; they are pervasively monitored and controlled by dozens of digital computers coordinated via internal vehicular networks. While this transformation has driven major advancements in efficiency and safety, it has also introduced a range of new potential risks. In this paper we experimentally evaluate these issues on a modern automobile and demonstrate the fragility of the underlying system structure. We demonstrate that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems. Over a range of experiments, both in the lab and in road tests, we demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input - including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on. We find that it is possible to bypass rudimentary network security protections within the car, such as maliciously bridging between our car's two internal subnets. We also present composite attacks that leverage individual weaknesses, including an attack that embeds malicious code in a car's telematics unit and that will completely erase any evidence of its presence after a crash. Looking forward, we discuss the complex challenges in addressing these vulnerabilities while considering the existing automotive ecosystem.

    KW - Automobiles

    KW - Communication standards

    KW - Communication system security

    KW - Computer security

    KW - Data buses

    UR - http://www.scopus.com/inward/record.url?scp=77955201139&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=77955201139&partnerID=8YFLogxK

    U2 - 10.1109/SP.2010.34

    DO - 10.1109/SP.2010.34

    M3 - Conference contribution

    SN - 9780769540351

    SP - 447

    EP - 462

    BT - 2010 IEEE Symposium on Security and Privacy, SP 2010 - Proceedings

    ER -