Type of Submission
Poster
Keywords
Bosch, Research, Car Hacking, CAN, ECU, parking assist
Proposal
The CAN (Controller Area Network) bus is a communication network that is found in every car manufactured since 1986. It allows the internal components of the car, known as Electronic Control Units (ECUs), to communicate with each other. The CAN bus consists of two wires only, high and low, and modern vehicles can contain more than 100 ECUs.
Our goal is to find vulnerabilities in a parking assist ECU we obtained from Bosch and exploit them to make the ECU exhibit unintended behavior. In order to do this, first we needed to understand CAN system protocols. Then, we needed to figure out how to send and receive CAN messages from the ECU. This required the use of both hardware and software to identify how the ECU interacts with the CAN system. Currently, we are communicating with the ECU to try to find unintended behavior.
In 2016, Charlie Miller and Chris Valasek managed to remotely hack into a 2014 Jeep Cherokee. They performed this through telnetting into the car’s entertainment system. Using this connection, they flashed an update to the car’s operating system, giving them access to the CAN bus. This allowed them to directly send messages and control the car, leading to a recall of over 1.4 million vehicles by Chrysler.
Today, cars have a larger attack surface with more electronics that can be exploited. If an attacker were to gain control over a parking assist unit, they could potentially steer the car, operate the brakes, and change the speed, presenting a serious threat to safety. That is why we have undertaken this project, to uncover any vulnerabilities and address the risks they pose.
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.
CAN System and Car Hacking
The CAN (Controller Area Network) bus is a communication network that is found in every car manufactured since 1986. It allows the internal components of the car, known as Electronic Control Units (ECUs), to communicate with each other. The CAN bus consists of two wires only, high and low, and modern vehicles can contain more than 100 ECUs.
Our goal is to find vulnerabilities in a parking assist ECU we obtained from Bosch and exploit them to make the ECU exhibit unintended behavior. In order to do this, first we needed to understand CAN system protocols. Then, we needed to figure out how to send and receive CAN messages from the ECU. This required the use of both hardware and software to identify how the ECU interacts with the CAN system. Currently, we are communicating with the ECU to try to find unintended behavior.
In 2016, Charlie Miller and Chris Valasek managed to remotely hack into a 2014 Jeep Cherokee. They performed this through telnetting into the car’s entertainment system. Using this connection, they flashed an update to the car’s operating system, giving them access to the CAN bus. This allowed them to directly send messages and control the car, leading to a recall of over 1.4 million vehicles by Chrysler.
Today, cars have a larger attack surface with more electronics that can be exploited. If an attacker were to gain control over a parking assist unit, they could potentially steer the car, operate the brakes, and change the speed, presenting a serious threat to safety. That is why we have undertaken this project, to uncover any vulnerabilities and address the risks they pose.
