Fuzzing CAN Packets into Automobiles

2015 IEEE 29th International Conference on Advanced Information Networking and Applications Workshops Pub Date : 2015-03-24 DOI:10.1109/AINA.2015.274

Hyeryun Lee, Kyunghee Choi, K. Chung, Jaein Kim, Kangbin Yim

{"title":"Fuzzing CAN Packets into Automobiles","authors":"Hyeryun Lee, Kyunghee Choi, K. Chung, Jaein Kim, Kangbin Yim","doi":"10.1109/AINA.2015.274","DOIUrl":null,"url":null,"abstract":"There have been many warnings that automobiles are vulnerable to the attacks through the network, CAN which connects the ECUs (Electrical Control Units) embedded in the automobiles. Some previous studies showed that the warnings were actual treats. They analyzed the packets flowing on the network and used the packets constructed based on the analysis. We show that it is possible to attack automobiles without any in-depth knowledge about automobiles and specially designed tools to analyze the packets. Experiments are performed in two phases. In the first phase, the victims automobiles are attacked with the packets constructed with the CAN IDs gathered from the sniffed packets flowing in the automobiles. It is not a problem at all to gather CANIDs since CAN is an open simple standard protocol and there are many tools to sniff CAN packets in the Internet. In the second phase, the attack packets are constructed in a completely random manner without any previous information such as CAN IDs. The packets are injected into the network via Bluetooth, a wireless channel. Through the experiments, we show the network vulnerability of automobiles.","PeriodicalId":6845,"journal":{"name":"2015 IEEE 29th International Conference on Advanced Information Networking and Applications Workshops","volume":"228 1","pages":"817-821"},"PeriodicalIF":0.0000,"publicationDate":"2015-03-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"44","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 IEEE 29th International Conference on Advanced Information Networking and Applications Workshops","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/AINA.2015.274","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 44

Abstract

There have been many warnings that automobiles are vulnerable to the attacks through the network, CAN which connects the ECUs (Electrical Control Units) embedded in the automobiles. Some previous studies showed that the warnings were actual treats. They analyzed the packets flowing on the network and used the packets constructed based on the analysis. We show that it is possible to attack automobiles without any in-depth knowledge about automobiles and specially designed tools to analyze the packets. Experiments are performed in two phases. In the first phase, the victims automobiles are attacked with the packets constructed with the CAN IDs gathered from the sniffed packets flowing in the automobiles. It is not a problem at all to gather CANIDs since CAN is an open simple standard protocol and there are many tools to sniff CAN packets in the Internet. In the second phase, the attack packets are constructed in a completely random manner without any previous information such as CAN IDs. The packets are injected into the network via Bluetooth, a wireless channel. Through the experiments, we show the network vulnerability of automobiles.

查看原文本刊更多论文

模糊CAN数据包进入汽车

很多人警告说，通过连接汽车内嵌的电子控制单元(ecu)的网络CAN，汽车很容易受到攻击。之前的一些研究表明，这些警告实际上是一种款待。他们分析了在网络上流动的数据包，并使用基于分析构建的数据包。我们表明，在没有深入了解汽车和专门设计的工具来分析数据包的情况下，攻击汽车是可能的。实验分两个阶段进行。在第一阶段，利用从汽车中收集的嗅探数据包的CAN id构造的数据包攻击受害者汽车。收集canid根本不是问题，因为CAN是一个开放的简单标准协议，并且有许多工具可以嗅探Internet中的CAN数据包。在第二阶段，攻击报文是完全随机构造的，没有任何预先的信息，如CAN id。数据包通过蓝牙(一种无线通道)注入网络。通过实验，我们展示了汽车网络的脆弱性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2015 IEEE 29th International Conference on Advanced Information Networking and Applications Workshops

自引率

0.00%

发文量