Type of Submission

Poster

Keywords

Bosch, Research, Car Hacking, CAN, ECU, parking assist

Proposal

The CAN (Controller Area Network) bus is a communication network that is found in every car manufactured since 1986. It allows the internal components of the car, known as Electronic Control Units (ECUs), to communicate with each other. The CAN bus consists of two wires only, high and low, and modern vehicles can contain more than 100 ECUs.

Our goal is to find vulnerabilities in a parking assist ECU we obtained from Bosch and exploit them to make the ECU exhibit unintended behavior. In order to do this, first we needed to understand CAN system protocols. Then, we needed to figure out how to send and receive CAN messages from the ECU. This required the use of both hardware and software to identify how the ECU interacts with the CAN system. Currently, we are communicating with the ECU to try to find unintended behavior.

In 2016, Charlie Miller and Chris Valasek managed to remotely hack into a 2014 Jeep Cherokee. They performed this through telnetting into the car’s entertainment system. Using this connection, they flashed an update to the car’s operating system, giving them access to the CAN bus. This allowed them to directly send messages and control the car, leading to a recall of over 1.4 million vehicles by Chrysler.

Today, cars have a larger attack surface with more electronics that can be exploited. If an attacker were to gain control over a parking assist unit, they could potentially steer the car, operate the brakes, and change the speed, presenting a serious threat to safety. That is why we have undertaken this project, to uncover any vulnerabilities and address the risks they pose.

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.

Publication Date

2023

Share

COinS
 

CAN System and Car Hacking

The CAN (Controller Area Network) bus is a communication network that is found in every car manufactured since 1986. It allows the internal components of the car, known as Electronic Control Units (ECUs), to communicate with each other. The CAN bus consists of two wires only, high and low, and modern vehicles can contain more than 100 ECUs.

Our goal is to find vulnerabilities in a parking assist ECU we obtained from Bosch and exploit them to make the ECU exhibit unintended behavior. In order to do this, first we needed to understand CAN system protocols. Then, we needed to figure out how to send and receive CAN messages from the ECU. This required the use of both hardware and software to identify how the ECU interacts with the CAN system. Currently, we are communicating with the ECU to try to find unintended behavior.

In 2016, Charlie Miller and Chris Valasek managed to remotely hack into a 2014 Jeep Cherokee. They performed this through telnetting into the car’s entertainment system. Using this connection, they flashed an update to the car’s operating system, giving them access to the CAN bus. This allowed them to directly send messages and control the car, leading to a recall of over 1.4 million vehicles by Chrysler.

Today, cars have a larger attack surface with more electronics that can be exploited. If an attacker were to gain control over a parking assist unit, they could potentially steer the car, operate the brakes, and change the speed, presenting a serious threat to safety. That is why we have undertaken this project, to uncover any vulnerabilities and address the risks they pose.

 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.