Friday, May 14, 2010

Vehicle hacking

Researchers from UC San Diego and University of Washington have demonstrated the ability to compromise a modern automobile and assert control over critical functions of the vehicle using the government-mandated "On-Board Diagnostics (OBD-II) port. It is under the dash in virtually all modern vehicles and provides direct and standard access to internal automotive networks."

They implemented a CAN bus analyzer called CarShark and then fuzzed the protocols to find other attack vectors with significant results. 

The paper:

Experimental Security Analysis of a Modern Automobile (Or here)
K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage. The IEEE Symposium on Security and Privacy, Oakland, CA, May 16-19, 2010.

They posted their Frequently Asked Questions on the paper.

While they used the OBD-II port (implying physical access was required) there are numerous wireless interfaces (such as CANRF) on board for entertainment, remote diagnostics and other features that interface with the on board network. Wireless interfaces include Bluetooth, Wifi, custom RF interfaces such as those for tire pressure, GM's Onstar system, one-way interfaces such as radio (particularly HD-radio) and Sirius and others.

Some web posts on the topic (from Stephen Northcutt):