Comprehensive Experimental Analyses of Automotive Attack Surfaces Authors: Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham,

Presentation transcript:

Comprehensive Experimental Analyses of Automotive Attack Surfaces
Authors: Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage, Karl Koscher, Alexei Czeskis, Franziska Roesner, and Tadayoshi Kohno
Presentation by Evan Frenn

Overview
- Introduction
- Threat Model
- Vehicle Attack Surface
- Vulnerability Analysis
- Indirect Physical Exploits
- Short-range Wireless Exploits
- Long-range Wireless Exploits
- Threat Motivation
- Fixes and Conclusion

Introduction
- Shift of modern cars towards control by distributed computing systems
  o Systems controlled by tens of Electronic Control Units (ECUs)
  o Entire system consists of millions of lines of code
  o Multiple separate communication buses → Security driven?
  o Last holdouts include parking brake and steering shaft (Parallel parking)
- Are these systems secure?
  o Previous work focused on vulnerabilities requiring prior physical access
    - Negative response of realism of threat model
  o Focus: Analysis of external attack vectors
  o Published in USENIX Security 2011

Threat Model
- Technical Capabilities → Adversary capabilities in analyzing the system and developing exploits
  o Strong focus on making technical capabilities realistic
- Operational Capabilities → Analysis of attack surface of vehicles and how malicious payload can be delivered
  o Indirect physical access, short-range wireless access, and long-range wireless access

Vehicle Attack Surface
- Indirect physical access:
  o OBD-II (PassThru)*
  o Audio system*
- Short-range wireless access:
  o Bluetooth*
  o Remote Keyless Entry
  o Tire Pressure (TPMS)?
  o WiFi
- Long-range wireless access:
  o GPS
  o Satellite Radio
  o Digital Radio
  o Remote Telematics Systems*

Vulnerability Analysis Intro
- “Moderately priced late model sedan with the standard options and components”
  o Car includes < 30 ECUs controlling
  o Issue with anecdotal analysis?
  o Purchased multiple replacement ECUs and a PassThru device
- Every vulnerability demonstrated allowed complete control of vehicle’s system
  o General Procedure:
  o Identify microprocessor (PowerPC, ARM, Super-H, etc)
  o Extract firmware and reverse engineer using debugging devices/software where possible
  o Exploit vulnerability or simply reprogram ECU

Exploitation Summary

Indirect Physical Exploits
- Media Player → found two exploits
  1) Latent update capability of player manufacturer
     o Updates when user does nothing?!
  2) WMA parser vulnerability
     o Audio file parses correctly on a PC - in vehicle, sends arbitrary CAN packets

Indirect Physical Exploits Ctd.
- OBD-II:
  o Looked at PassThru device from manufacturer (used on all their production vehicles)
  o Found no authentication for PCs on same WiFi network
  o Found exploit allowing reprogramming of PassThru
    - Allows for PassThru worm
    - Allows for control of vehicle reprogramming
    - Includes unsecured and unused Linux programs

Short-Range Wireless Exploitation
- Bluetooth:
  o Found popular Bluetooth protocol stack with custom manufacturer code on top
    - Custom code contained 20 unsafe calls to strcpy()
  o Indirect attack → assumes attacker has paired device
    - Implemented Trojan on Android device to compromise machine
  o Direct attack → exploits with a paired device
    - Requires brute force of PIN to pair device (10 hours)
    - Limited by response of vehicle’s Bluetooth

Long-range Wireless Exploitation
- Telematics Connectivity:
  o Similar to Bluetooth → 3rd party device with manufacturer code on top
    - Again found exploit in transition from 3rd party to manufacturer “Command” program for data transfer
    - Lucky for manufacturer → bandwidth did not allow exploit transfer within timeout
- Exploit required of authentication code
  1) Random nonce not so random
  2) Bug that allows authentication without correct response
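
A defensive sketch of the two authentication flaw classes named on this slide (a predictable nonce, and acceptance without a correct response), added here as an example and not taken from the paper or the slides. The names auth_session, auth_issue_challenge, auth_verify and demo_mac are assumptions, and demo_mac is a constructed stand-in for a real MAC such as HMAC from a vetted library.

```c
#include <stdint.h>
#include <stdio.h>

#define NONCE_LEN 16
#define RESP_LEN  8

/* Hypothetical hook: computes the expected response for a nonce. */
typedef void (*mac_fn)(const uint8_t nonce[NONCE_LEN], uint8_t out[RESP_LEN]);

struct auth_session {
    uint8_t nonce[NONCE_LEN];
    int     pending;              /* 1 only between issue and first verify */
};

/* Fresh nonce from the OS CSPRNG; fails closed if it cannot be read. */
int auth_issue_challenge(struct auth_session *s) {
    FILE *f = fopen("/dev/urandom", "rb");
    size_t got;
    s->pending = 0;
    if (f == NULL) return -1;
    got = fread(s->nonce, 1, NONCE_LEN, f);
    fclose(f);
    if (got != NONCE_LEN) return -1;
    s->pending = 1;
    return 0;
}

/* Returns 1 only for a full-length, matching response to a pending challenge. */
int auth_verify(struct auth_session *s, mac_fn mac,
                const uint8_t *resp, size_t resp_len) {
    uint8_t expect[RESP_LEN];
    uint8_t diff = 0;
    if (!s->pending) return 0;                 /* no challenge outstanding */
    s->pending = 0;                            /* single use: no replay, no retry */
    if (resp == NULL || resp_len != RESP_LEN) return 0;
    mac(s->nonce, expect);
    for (size_t i = 0; i < RESP_LEN; i++)      /* constant-time comparison */
        diff |= (uint8_t)(expect[i] ^ resp[i]);
    return diff == 0;
}

/* Constructed stand-in so the example runs offline; NOT a real MAC. */
void demo_mac(const uint8_t nonce[NONCE_LEN], uint8_t out[RESP_LEN]) {
    for (int i = 0; i < RESP_LEN; i++)
        out[i] = (uint8_t)(nonce[i] ^ nonce[i + RESP_LEN] ^ 0x5a);
}
```

Every path that is not an exact match returns 0, including a missing, short or replayed response, so there is no default-accept branch to reach.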

Threat Motivation
- Theft:
  o Scary version → mass attack cellular network creating vehicle botnet
  o Able to have cars report VIN and GPS
  o Can unlock doors, start engine and fully startup car
  o Cannot disable steering column lock
- Surveillance:
  o Allows audio recording from in-cabin microphone

Security Fixes
- Looked at easily available fixes to exploits:
  o Standard security engineering best-practices, e.g. don’t use unsafe strcpy → instead strncpy
  o Removing debugging and error symbols
  o Use stack cookies and ASLR
  o Remove unused services, e.g. telnet and ftp
  o Code guards?
  o Authentication before reflashing?
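
The strcpy() finding on the Bluetooth slide and the strcpy → strncpy fix listed above, as an added C example (not code from the paper or the slides). It shows that strncpy() alone bounds the write but leaves the buffer unterminated on truncation, and a checked copy that rejects oversized input instead; NAME_MAX_LEN and the function names are assumptions.

```c
#include <stddef.h>
#include <string.h>

#define NAME_MAX_LEN 16   /* constructed buffer size, not from the paper */

/* The pattern the slides warn about: the length of src is never checked. */
void set_name_unsafe(char dst[NAME_MAX_LEN], const char *src) {
    strcpy(dst, src);     /* writes past dst when strlen(src) >= NAME_MAX_LEN */
}

/* Drop-in strncpy(): the write is bounded, but on truncation dst has no
 * terminator, so a later strlen() or strcpy() on dst still overreads.
 * Returns 1 if dst ended up NUL-terminated, 0 if it did not. */
int set_name_strncpy(char dst[NAME_MAX_LEN], const char *src) {
    strncpy(dst, src, NAME_MAX_LEN);
    return dst[NAME_MAX_LEN - 1] == '\0';
}

/* Checked copy for a length-delimited field that may or may not carry
 * its own NUL. Returns 0 on success, -1 if the input is rejected; dst is
 * always a valid (possibly empty) string afterwards. */
int set_name_checked(char *dst, size_t dst_size,
                     const char *src, size_t src_len) {
    const char *nul;
    size_t n;
    if (dst == NULL || dst_size == 0) return -1;
    dst[0] = '\0';
    if (src == NULL) return -1;
    nul = memchr(src, '\0', src_len);       /* never scans past src_len */
    n = nul ? (size_t)(nul - src) : src_len;
    if (n >= dst_size) return -1;           /* reject, do not truncate */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}
```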

Conclusion
- Vulnerability causes:
  o Lack of adversarial pressure
  o Conflicting interests of ECU software manufacturers and car manufacturers
    - Ex: Telematics, Bluetooth & Media Player
- Penetration testing?
- Will it evolve like PC security?

Thank You!