Sunday, January 15, 2012

Automotive Attack Surface

This morning I suggest this interesting paper titled: "Comprehensive Experimental Analyses of Automotive Attack Surfaces".  In their second paper autosec.org group analyze most of the possible attack vectors available on "last generation" automobiles. The following image shows, very well,  the amount of public interfaces in a modern cars.

Abstract :
Modern automobiles are pervasively computerized, and hence potentially vulnerable to attack. However, while previous research has shown that the internal networks within some modern cars are insecure, the associated threat model — requiring prior physical access — has justifiably been viewed as unrealistic. Thus, it remains an open question if automobiles can also be susceptible to remote compromise. Our work seeks to put this question to rest by systematically analyzing the external attack surface of a modern automobile. We discover that remote exploitation is feasible via a broad range of attack vectors (including mechanics tools, CD players, Bluetooth and cellular radio), and further, that wireless communications channels allow long distance vehicle control, location tracking, in-cabin audio exfiltration and theft. Finally, we discuss the structural characteristics of the automotive ecosystem that give rise to such problems and highlight the practical challenges in mitigating them.

While past researches, included the autosec.org first paper, focused on specific car vulnerabilities this paper tries to abstract vulnerabilities describing high level threats. In particular this research describes four vulnerability class such as:  Direct Physical,  Indirect Physical, short-range wireless and long-range wireless.

I like this paper, very easy to read and very entertaining. Nothing really innovative (at least from my persona point of view) but interesting to see how common "computer security" attacks could be applied to automobiles. I really hope they don't want to build their own testing methodology, I will hate to see another personal-and-specific security testing methodology. I rather hope they will learn/adopt common security testing methodologies.





12 comments:

Autoled said...

Your analysis rally excellent. I think every one should follow when made any kind of car.
Led lighting

車査定 said...

Used cars online can be purchased from a number of sources, it can be a used cars classified , an auction website or any used cars selling company which is offering high quality an low cost cars. The most affordable and durable are Japanese used cars.

Anonymous said...

nice posting.. thanks for sharing.

How to Deal with Witches said...

Want to know how to deal with witches? Get some idea from this smart boy by clicking the link
below: http://bit.ly/BoyandtheWitch

kate zoe said...

I appreciate the work of all people who share information with others.
車査定

Evan Marcus said...

Hi,
its really nice post. i apprentice for your post. thanks for shearing it with us. keep it up.
Steering Rack

Kyoko Nitori said...

As expected, Honda Civic is on the list! I have heard that Honda is releasing a newer version of this car on 2013.It’s good see on how Civic has improve over the past few years. tradecarview

Bonney Bwire said...

I had no idea that a car had so many points of communication. My worry is, if a car can be accessed remotely then it could be very susceptible to attacks, hope this will stopped before it actually happens.

ProComp Tires

Steve Paul said...

Does Progressive insurance is available for affordable used cars

Sir David said...

that is a funny picture however it states the true things and damages that are happening to the cars these days.
tyres Cheltenham

Timon berg said...

shaz

Angelina Jullie said...

I think I have really come on the right place for getting the perfect info.
collision repair