Simulated Attacks on CAN Buses: Vehicle virus

Paper in proceeding, 2008

Contemporary vehicles contain a number of electronic control units (ECUs), which are connected in a network and provide various vehicle functionalities. The firmware on the ECUs need to be kept up-to-date to provide better and safer functionalities. An upcoming trend for automotive manufacturers is to create seamless interaction between the vehicle and fleet management to provide remote diagnostics and firmware updates over the air. To allow this, the previously isolated in-vehicle network must connect to an external network, and is thus exposed to a whole new range of threats, collectively known as cyber attacks. In this paper we have evaluated the ability of the current in-vehicle network to withstand cyber attacks by simulating a set of plausible attacks targeting the ECUs on the CAN bus. The results show that the network lacks sufficient protection against these attacks, and we therefore extensively discuss the future security needs for preventing, detecting, countering and recovering from such attacks.