Analysis of security vulnerabilities in vehicle On-Board Diagnostic systems
 
Faculty of Transport and Aviation Engineering, Silesian University of Technology Krasińskiego Street 8, 40-019 Katowice, Poland
 
 
Submission date: 2024-06-12
 
 
Final revision date: 2024-07-29
 
 
Acceptance date: 2024-08-08
 
 
Online publication date: 2024-08-09
 
 
Publication date: 2024-08-09
 
 
Corresponding author
Piotr Pełechaty   

Faculty of Transport and Aviation Engineering, Silesian University of Technology Krasińskiego Street 8, 40-019 Katowice, Poland
 
 
Diagnostyka 2024;25(3):2024310
 
ABSTRACT
The article explains the different types of on-board diagnostic (OBD) systems used in motor vehicles, as well as the impact of the latest automotive security standards on diagnostic interface security. The paper focuses on identifying potential security threats in on-board diagnostic systems used in automotive control units. During the research, a diagnostic interface device of the authors' own design, carrying out special test procedures, was used. The research was conducted on several vehicles and ECUs, applying black-box penetration testing. The paper's goal is to list all identified vulnerabilities in diagnostic protocol implementations and suggest corrective actions for software that would increase security. The authors defined a list of low-cost software requirements that can be easily implemented on most modern ECUs.
FUNDING
Research work 12/010/BK_24/1151 Department of Road Transport Faculty of Transport and Aviation Engineering Silesian University of Technology.
 
eISSN:2449-5220