Cyber-security internals of a Skoda Octavia vRS:a hands on approach

The convergence of information technology and vehicular technologies are a growing paradigm, allowing information to be sent by and to vehicles. This information can further be processed by the Electronic Control Unit (ECU) and the Controller Area Network (CAN) for in-vehicle communications or through a mobile phone or server for out-vehicle communication. Information sent by or to the vehicle can be life-critical (e.g. breaking, acceleration, cruise control, emergency communication, etc. . . ). As vehicular technology advances, in-vehicle networks are connected to external networks through 3 and 4G mobile networks, enabling manufacturer and customer monitoring of different aspects of the car. While these services provide valuable information, they also increase the attack surface of the vehicle, and can enable long and short range attacks. In this manuscript, we evaluate the security of the 2017 Skoda Octavia vRS 4x4. Both physical and remote attacks are considered, the key fob rolling code is successfully compromised, privacy attacks are demonstrated through the infotainment system, the Volkswagen Transport Protocol 2.0 is reverse engineered. Additionally, in-car attacks are highlighted and described, providing an overlook of potentially deadly threats by modifying ECU parameters and components enabling digital forensics investigation are identified

Security attacks on RECKLESS-APPs: Remote car keyless applications for new semi autonomous vehicles

Rapid technological advancements of vehicle manufacturing and the modern wireless technology opens the door for several new Intelligent Transportation applications. Remote Keyless system in vehicles is considered one of the famous applications that has been developed recently, which is susceptible to many cyberattacks. Remote Keyless applications on smartphones were developed in the past few years to perform the functionality of keyless fob and are expected to replace the physical keyless fobs in the next few years, which can open the door to many cyberattacks. In this research, we implemented a simulation that represents the REmote Car KeyLESS Applications (RECKLESS-apps) on the smartphones. In this thesis we demonstrate the types of cyber-attacks these applications could face. Our research serves as a proof that remote car keyless applications that would replace the physical keys could be vulnerable to various malicious cyber-attacks. We study these attacks and provide remedies, cyber-hygiene and best practices to remedy some of these attacks

Driving with Sharks: Rethinking Connected Vehicles with Vehicle Cyber Security

In a public service announcement on March 17, 2016, the Federal Bureau of Investigation (FBI) jointly with the Department of Transportation and the National Highway Traffic Safety Administration, released a warning over the increasing vulnerability of motor vehicles to remote exploits . Engine shutdown, disable brakes and door locks are few examples of the possible vehicle cyber security attacks. Modern cars grow into a new target for cyberattacks as they become increasingly connected. While driving on the road, sharks (i.e., hackers) only need to be within communication range of your vehicle to attack it. However, in some cases, they can hack into it while they are miles away. In this article, we aim to illuminate the latest vehicle cyber security threats including malware attacks, On-Board Diagnostic (OBD) vulnerabilities, and auto mobile apps threats. We illustrate the In-Vehicle network architecture and demonstrate the latest defending mechanisms that are designed to mitigate such threats