This paper outlines the research into performing a remote attack against an unaltered 2014 Jeep Cherokee and similar vehicles that results in physical control of some aspects of the vehicle. Hopefully this additional remote attack research can pave the road for more secure connected cars in our future by providing this detailed information to security researchers, automotive manufacturers, automotive suppliers, and consumers.
d7f534a978ca4d25721f39404f7aad67339b186a0025047f6293bf98556c1d36
This paper investigates why physical control inconsistencies exist and present techniques that can be leveraged to more fully obtain control of the physical systems of the car while only injecting CAN bus messages. It also discusses ways to makes these systems more robust to CAN message injection.
383c15500ebb9e6fd0e34bf42e9e070b737657eb4bcf9930fb34491defdb4078
Whitepaper called A Survey of Remote Automotive Attack Surfaces. This paper attempts to analyze numerous automobiles varying in production year to show how remote attack surfaces have evolved with time and to try to quantify the difficulty of a remote attack for a variety of different automobiles. This analysis will include how large the remote attack surface is, how segmented the ECUs which have physical control of the automobile are from those accepting external input, and the features present in the automobile which allow computers to physically control it. Additionally, this paper recommends defensive strategies including an IDS-type system to detect and prevent these types of attacks.
371d87d27666d1f97678cbf4eec03704f4c1e85029009ee2439690303f7dde28
This whitepaper is a follow-up on car hacking that was an attempt to reduce this barrier to entry so more researchers could get involved.
9249c9c2c9ccfb49896bf3953a0b5ca6d1f19ab6a4f67bc032d488183dad0773
Adventures in Automotive Networks and Control Units (aka car hacking) is an overview of the original work by Charlie Miller and Chris Valasek that covers CAN bus sniffing, injection, and attacks against a Toyota Prius and Ford Escape. Also included are all the tools they used and related data.
388155dad3d4941180cc43d65a21b1b4f0febcb901ea70241f133325b8b436df
Previous research has shown that it is possible for an attacker to get remote code execution on the electronic control units (ECU) in automotive vehicles via various interfaces such as the Bluetooth interface and the telematics unit. This paper aims to expand on the ideas of what such an attacker could do to influence the behavior of the vehicle after that type of attack. In particular, the authors demonstrate how on two different vehicles that in some circumstances they are able to control the steering, braking, acceleration and display. They also propose a mechanism to detect these kinds of attacks. All technical information and code needed to reproduce these attacks is included in this archive. This was released to the community as promised by the researchers who presented their findings at Defcon 21.
794a8286ed148e6a725895876ffebe1b0e584fd41753499c11022ae5b23ac94c
Whitepaper called Browser Security Comparison: A Quantitative Approach. The Accuvant LABS research team completed an extensive security evaluation of the three most widely used browsers – Mozilla Firefox, Google Chrome, and Microsoft Internet Explorer – to determine which browser best secures against attackers. The team used a completely different and more extensive methodology than previous, similar studies. They compared browsers from a layered perspective, taking into account security architecture and anti-exploitation techniques.
e054bd896f56e8be803b55bc04ad540e6247fb7a0bbcf3094c27a9a421226a18