Abstract—
Modern automobiles are no longer mere mechanical devices; they are pervasively monitored and controlled by
dozens of digital computers coordinated via internal vehicular
networks. While this transformation has driven major advancements in efficiency and safety, it has also introduced a range of
new potential risks. In this paper we experimentally evaluate
these issues on a modern automobile and demonstrate the
fragility of the underlying system structure. We demonstrate
that an attacker who is able to infiltrate virtually any Electronic
Control Unit (ECU) can leverage this ability to completely
circumvent a broad array of safety-critical systems. Over a
range of experiments, both in the lab and in road tests, we
demonstrate the ability to adversarially control a wide range
of automotive functions and completely ignore driver input—
including disabling the brakes, selectively braking individual
wheels on demand, stopping the engine, and so on. We find
that it is possible to bypass rudimentary network security
protections within the car, such as maliciously bridging between
our car’s two internal subnets. We also present composite
attacks that leverage individual weaknesses, including an attack
that embeds malicious code in a car’s telematics unit and
that will completely erase any evidence of its presence after a
crash. Looking forward, we discuss the complex challenges in
addressing these vulnerabilities while considering the existing
automotive ecosystem.
Through 80 years of mass-production, the passenger automobile has remained superficially static: a single gasolinepowered internal combustion engine; four wheels; and the
familiar user interface of steering wheel, throttle, gearshift,
and brake. However, in the past two decades the underlying
control systems have changed dramatically. Today’s automobile is no mere mechanical device, but contains a myriad of
computers. These computers coordinate and monitor sensors,
components, the driver, and the passengers. Indeed, one
recent estimate suggests that the typical luxury sedan now
contains over 100 MB of binary code spread across 50–70 independent computers — Electronic Control Units (ECUs)
in automotive vernacular — in turn communicating over one
or more shared internal network buses [8], [13].
Get Free Quote!
332 Experts Online