Professional Documents
Culture Documents
Security Issues in Controller Area Networks in Aut
Security Issues in Controller Area Networks in Aut
net/publication/321124827
CITATIONS READS
5 1,618
3 authors:
Clyde Meli
University of Malta
11 PUBLICATIONS 31 CITATIONS
SEE PROFILE
Some of the authors of this publication are also working on these related projects:
All content following this page was uploaded by Clyde Meli on 15 December 2017.
Abstract—Modern vehicles may contain a considerable number of One issue with CAN is that security was not even considered
ECUs (Electronic Control Units) which are connected through during its design stages since it was thought that vehicles would
various means of communication, with the CAN (Controller Area remain closed systems [7] and [8]. When vehicles were purely
Network) protocol being the most widely used. However, several mechanical, the only way how one could gain access to a car is
vulnerabilities such as the lack of authentication and the lack of by physical access. Unfortunately, this is not the case in today’s
data encryption have been pointed out by several authors, which modern vehicles. External attack surfaces of modern
ultimately render vehicles unsafe to their users and surroundings. automobiles allow the possibility of a remote exploitation
Moreover, the lack of security in modern automobiles has been through various means of channels such as diagnostic tools, CD
studied and analyzed by other researchers as well as several
player, Bluetooth and cellular radio [9]. Considering that current
reports about modern car hacking have (already) been published.
The contribution of this work aimed to analyze and test the level
automobiles rely heavily on software due to the introduction of
of security and how resilient is the CAN protocol by taking a BMW various ECU’s, there are high chances that the code may contain
E90 (3-series) instrument cluster as a sample for a proof of concept bugs or vulnerabilities which when exploited, they can lead to
study. This investigation was carried out by building and potential risks, thus rendering vehicles unsafe. Moreover, due
developing a rogue device using cheap commercially available to lack of authentication mechanisms in the CAN protocol, an
components while being connected to the same CAN-Bus as a man attacker may also connect an external malicious device directly
in the middle device in order to send spoofed messages to the with the CAN-Bus with the intention to harm passengers or even
instrument cluster. cause dangerous accidents.