Jeremy Daily, David Nnaji, and Ben Ettlinger (Colorado State University)

Diagnostics and maintenance systems create frequent, legitimate, and intermittent connections to a vehicle’s communication network. These connections are typically made with a vehicle diagnostics adapter (VDA), which serves to translate vehicle network communications to a Windows based service computer running diagnostics software. With heavy vehicles, the diagnostic systems are written and maintained by the supplier of the electronic control units. This means there may be multiple different software packages needed to maintain a heavy vehicle. However, all of these software systems use an interface defined by the American Trucking Association (ATA) through their Technology and Maintenance Council (TMC) using Recommended Practice (RP) number 1210, the Windows API for vehicle diagnostics. Therefore, most diagnostics and maintenance communications on a heavy vehicles utilize a thirdparty VDA with little to no cybersecurity controls. The firmware and drivers for the VDA can be entry points for cyber attacks. In this demonstration, a vehicle diagnostics session is attacked using the VDA firmware, VDA PC driver, and a middle-person attack. A proposed secure diagnostics gateway is demonstrated to secure the diagnostics communications between the heavy vehicle network and the diagnostics application, thus defending against attacks on vulnerable VDA components. Furthermore, the maintenance operations are often trusted and an attacker gains physical access to the vehicle with the unknowing technician. Since these diagnostic systems are connected to the Internet and run Windows, the traditional security issues associated with Windows PCs are now part of the heavy vehicle.

View More Papers

Experimental Evaluation of a Binary-level Symbolic Analyzer for Spectre:...

Lesly-Ann Daniel (CEA List), Sébastien Bardin (CEA List, Université Paris-Saclay), Tamara Rezk (INRIA)

Read More

A First Look at Scams on YouTube

Elijah Bouma-Sims, Bradley Reaves (North Carolina State University)

Read More

A Framework for Consistent and Repeatable Controller Area Network...

Paul Agbaje (University of Texas at Arlington), Afia Anjum (University of Texas at Arlington), Arkajyoti Mitra (University of Texas at Arlington), Gedare Bloom (University of Colorado Colorado Springs) and Habeeb Olufowobi (University of Texas at Arlington)

Read More

Debunking Exposure Notification

Serge Vaudenay, EPFL, Switzerland

Read More