*WINNER* Cybersecurity Implications of Modern Automobiles

Abstract

Modern vehicles operate through a complex exchange of data between multiple computers, sensors, and human inputs. Largely, this data is transferred through a combination of networks which are not intended for consumer access. In particular, a Controller Area Network (CAN) is mandated for use in vehicles manufactured after 2008. CAN is designed to be a fault-tolerant system that preserves critical vehicular functions, but lacks basic security such as authentication, encryption, and proper node identification. While this has not been a major concern in the past, the popularity of low-cost consumer electronics, such as Raspberry Pi and Arduino boards, have allowed unprecedented access to these previously obfuscated networks. Hackers have established remote code execution, denial of service attacks, and private data collection from a variety of vehicles. Thus, it becomes important to understand the potential side-effects of both malicious code execution and amateur implementation of programs on vehicles. This presentation will detail our ongoing research, which aims to identify automotive vulnerabilities as well as determine a method to properly model automotive systems. By using both consumer-electronics (e.g., Raspberry Pi and Arduino boards) and manufacturer-grade solutions, we analyze the inherent properties of automotive data and the interactions which take place throughout automotive networks in an effort to detect anomalous malicious data.