Carson Green, Rik Chatterjee, Jeremy Daily (Colorado State University)

Modern automotive operations are governed by embedded computers that communicate over standardized protocols, forming the backbone of vehicular networking. In the domain of commercial vehicles, these systems predominantly rely on the high-level protocols running on top of the Controller Area Network (CAN) protocol for internal communication in medium and heavy-duty applications. Critical to this ecosystem is the Unified Diagnostics Services (UDS) protocol, outlined in ISO 14229 (Unified Diagnostic Services - UDS) and ISO 15765 (Diagnostic Communication over CAN), which provides essential diagnostic functionalities. This paper presents three distinct scenarios, demonstrating potential shortcomings of the UDS protocol standards and how they can be exploited to launch attacks on in-vehicle computers in commercial vehicles while bypassing security mechanisms.

In the initial two scenarios, we identify and demonstrate two vulnerabilities in the ISO 14229 protocol specifications. Subsequently, in the final scenario, we highlight and demonstrate a vulnerability specific to the ISO 15765 protocol specifications.

For demonstration purposes, bench-level test systems equipped with real Electronic Control Units (ECUs) connected to a CAN bus were utilized. Additional testing was conducted on a comprehensively equipped front cab assembly of a 2018 Freightliner Cascadia truck, configured as an advanced test bench. The test results reveal how attacks targeting specific protocols can compromise individual ECUs. Furthermore, in the Freightliner Cascadia truck setup, we found a network architecture typical of modern vehicles, where a gateway unit segregates internal ECUs from diagnostics. This gateway, while designed to block standard message injection and spoofing attacks, specifically allows all UDS-based diagnostic messages. This selective allowance inadvertently creates a vulnerability to UDS protocol attacks, underscoring a critical area for security enhancements in commercial vehicle networks. These findings are crucial for engineers and programmers responsible for implementing the diagnostic protocols in their communication subsystems, emphasizing the need for enhanced security measures.

View More Papers

Transforming Raw Authentication Logs into Interpretable Events

Seth Hastings, Tyler Moore, Corey Bolger, Philip Schumway (University of Tulsa)

Read More

Acoustic Keystroke Leakage on Smart Televisions

Tejas Kannan (University of Chicago), Synthia Qia Wang (University of Chicago), Max Sunog (University of Chicago), Abraham Bueno de Mesquita (University of Chicago Laboratory Schools), Nick Feamster (University of Chicago), Henry Hoffmann (University of Chicago)

Read More

ReqsMiner: Automated Discovery of CDN Forwarding Request Inconsistencies and...

Linkai Zheng (Tsinghua University), Xiang Li (Tsinghua University), Chuhan Wang (Tsinghua University), Run Guo (Tsinghua University), Haixin Duan (Tsinghua University; Quancheng Laboratory), Jianjun Chen (Tsinghua University; Zhongguancun Laboratory), Chao Zhang (Tsinghua University; Zhongguancun Laboratory), Kaiwen Shen (Tsinghua University)

Read More

Using Behavior Monitoring to Identify Privacy Concerns in Smarthome...

Atheer Almogbil, Momo Steele, Sofia Belikovetsky (Johns Hopkins University), Adil Inam (University of Illinois at Urbana-Champaign), Olivia Wu (Johns Hopkins University), Aviel Rubin (Johns Hopkins University), Adam Bates (University of Illinois at Urbana-Champaign)

Read More