Comprehensive Experimental Analyses of Automotive Attack Surfaces

[Nytro]

Comprehensive Experimental Analyses of Automotive Attack Surfaces

Stephen Checkoway, Damon McCoy, Brian Kantor,

Danny Anderson, Hovav Shacham, and Stefan Savage

University of California, San Diego

Karl Koscher, Alexei Czeskis, Franziska Roesner, and Tadayoshi Kohno

University of Washington

Abstract

Modern automobiles are pervasively computerized, and

hence potentially vulnerable to attack. However, while

previous research has shown that the internal networks

within some modern cars are insecure, the associated

threat model—requiring prior physical access—has

justifiably been viewed as unrealistic. Thus, it remains an

open question if automobiles can also be susceptible to

remote compromise. Our work seeks to put this question

to rest by systematically analyzing the external attack

surface of a modern automobile. We discover that remote

exploitation is feasible via a broad range of attack vectors

(including mechanics tools, CD players, Bluetooth and

cellular radio), and further, that wireless communications

channels allow long distance vehicle control, location

tracking, in-cabin audio exfiltration and theft. Finally, we

discuss the structural characteristics of the automotive

ecosystem that give rise to such problems and highlight

the practical challenges in mitigating them.

Download:

http://www.autosec.org/pubs/cars-usenixsec2011.pdf