Analysis of security vulnerabilities in vehicle On-Board Diagnostic systems
1
Faculty of Transport and Aviation Engineering, Silesian University of Technology
Krasińskiego Street 8, 40-019 Katowice, Poland
Submission date: 2024-06-12
Final revision date: 2024-07-29
Acceptance date: 2024-08-08
Online publication date: 2024-08-09
Publication date: 2024-08-09
Corresponding author
Piotr Pełechaty
Faculty of Transport and Aviation Engineering, Silesian University of Technology Krasińskiego Street 8, 40-019 Katowice, Poland
Faculty of Transport and Aviation Engineering, Silesian University of Technology Krasińskiego Street 8, 40-019 Katowice, Poland
Diagnostyka 2024;25(3):2024310
KEYWORDS
TOPICS
ABSTRACT
The article explains the different types of on-board diagnostic systems (OBD) used in motor vehicles, as well as the impact of the latest automotive security norms on diagnostic interface security. The paper focuses on identifying potential security threats in on-board diagnostic systems used in automotive control units. During the research, a diagnostic interface device of its own design, carrying out special test procedures, was excavated. The research was conducted on several vehicles and ECUs, applying black box penetration testing. The paper's goal is to list all identified vulnerabilities in diagnostic protocol implementation and suggest some corrective actions for software that would increase security. The authors defined a list of low-cost software requirements that can be easily implemented on most modern ECUs.
FUNDING
Research work 12/010/BK_24/1151 Department of Road Transport Faculty of Transport and Aviation Engineering Silesian University of Technology.
REFERENCES (23)
1.
ISO 15031-5:2015 Road vehicles - Communication between vehicle and external equipment for emissions-related diagnostics. Part 5: Emissions-related diagnostic services.
2.
ISO 15031-3:2023 Road vehicles - Communication between vehicle and external equipment for emissions-related diagnostics. Part 3: Diagnostic connector and related electrical circuits: Specification and use.
3.
Witaszek K, Witaszek M. Diagnosing the thermostat using vehicle on-board diagnostic (OBD) data. Diagnostyka. 2023;24(4):2023402. https://doi.org/10.29354/diag/....
4.
Wierzbicki S. Evaluation of the effectiveness of on-board diagnostic systems in controlling exhaust gas emissions from motor vehicles. Diagnostyka. 2019;20(4):75-79. https://doi.org/10.29354/diag/....
5.
ISO 15765-4:2021 Road vehicles - Diagnostic communication over Controller Area Network (DoCAN). Part 4: Requirements for emissions-related systems.
6.
Bozdal M, Samie M, Aslam S, Jennions I. Evaluation of CAN Bus Security Challenges. Sensors 2020; 20: 2364. https://doi.org/10.3390/s20082....
7.
Luo A, Spencer H. Remotely hacking a car through an OBD-II Bluetooth Dongle [Video]. Youtube. https://www.youtube.com/watch?....
8.
ISO 14229-1:2020 Road vehicles - Unified diagnostic services (UDS) — Part 1: Application layer.
9.
Kim H, Jeong Y, Choi W, Lee DH, Jo HJ. Efficient ECU analysis technology through structure-aware CAN fuzzing. IEEE Access, 2022;10:23259-23271. https://doi.org/10.1109/ACCESS....
10.
Kang TU, Song HM, Jeong S and Kim HK. Automated reverse engineering and attack for CAN using OBD-II. 2018 IEEE 88th Vehicular Technology Conference (VTC-Fall), Chicago, IL, USA, 2018:1-7. https://doi.org/10.1109/VTCFal....
11.
Ammar M, Janjua H, Thangarajan A, Crispo B. Securing the On-Board Diagnostics Port (OBD-II) in vehicles. SAE International Journal of Transportation Cybersecurity and Privacy 2019; 2(2):83-106, 2019, https://doi.org/10.4271/11-02-....
12.
AUTOSAR Group. Specification of secure onboard communication protocol (SecOC) R21-11, 2021 https://www.autosar.org.
14.
UN Regulation No. 155 - Uniform provisions concerning the approval of vehicles with regards to cyber security and cyber security management system, 2021.
17.
STMicroelectronic. Reference manual RM0440 STM32G4 series advanced Arm®-based 32-bit MCUs.
19.
Matsubayashi M, Koyama T, Tanaka M. In-Vehicle network inspector utilizing diagnostic communications and web scraping for estimating ECU functions and CAN Topology. IEEE Access 20214; 12: 6239-6250. https://doi.org/10.1109/ACCESS....
20.
Ajin VW, Kumar LD, Joy J. Study of security and effectiveness of DoIP in vehicle networks. 2016 International Conference on Circuit, Power and Computing Technologies (ICCPCT), Nagercoil, India, 2016; 1-6. https://doi.org/10.1109/ICCPCT....
21.
Śmieja M, Wierzbicki S, Mamala J. Sterowanie dawką wtryskiwanego paliwa w układzie Common Rail z wykorzystaniem środowiska LabView. Combustion Engines. 2013;154(3):542-548.
22.
Mokhadder, M, Zachos M, Potter, J. Evaluation of Vehicle System Performance of an SAE J1939-91C Network Security Implementation (2023) SAE Technical Papers. https://doi.org/10.4271/2023-0....
23.
OWASP Application Security Verification Standard, 10 2020, [online] Available: https://owasp.org/www-project-....
Share
RELATED ARTICLE
| eISSN: | 2449-5220 |
We process personal data collected when visiting the website. The function of obtaining information about users and their behavior is carried out by voluntarily entered information in forms and saving cookies in end devices. Data, including cookies, are used to provide services, improve the user experience and to analyze the traffic in accordance with the Privacy policy. Data are also collected and processed by Google Analytics tool (more).
You can change cookies settings in your browser. Restricted use of cookies in the browser configuration may affect some functionalities of the website.
You can change cookies settings in your browser. Restricted use of cookies in the browser configuration may affect some functionalities of the website.
