Abnormal vehicle behavior induced using only fabricated informative CAN messages

Abstract

We present a method for influencing vehicle behaviors using only informative Controller Area Network (CAN) messages. Some recent vehicle attack techniques have been shown to have a significant impact on the automotive industry. Almost all previous studies employ active CAN messages that induce actions for the attacks, but there have been no studies that explicitly use only the informative CAN messages. Furthermore, very few investigations have reported successful attacks regarding acceleration which is significant. This is the first report of using only informative CAN messages in an attack especially targeting a driving-support system. Through experiments, we show that abnormal acceleration or deceleration is induced using informative messages regarding the wheel speed when a cruise control system is activated. We also find that the speed limit control of the cruise control system can be disabled and the parking assist function can be abruptly canceled without driver intention using such kinds of messages. The experimental results reveal that fabricated informative CAN messages can manipulate the vehicle to yield improper behavior. We mention solutions that mitigate such attacks. We believe that this study will bring a new perspective to automotive security toward system design.