Biblio

As modern vehicles are complex IoT devices with intelligence capable to connect to an external infrastructure and use Vehicle-to-Everything (V2X) communication, there is a need to secure the communication to avoid being a target for cyber-attacks. Also, the organs of the car (sensors, communication, and control) each could have a vulnerability, that leads to accidents or potential deaths. Manufactures of cars have a huge responsibility to secure the safety of their costumers and should not skip the important security research, instead making sure to implement important security measures, which makes your car less likely to be attacked. This paper covers the relevant attacks and threats to modern vehicles and presents a security analysis with potential countermeasures. We discuss the future of modern and autonomous vehicles and conclude that more countermeasures must be taken to create a future and safe concept.

Modern vehicles may contain a considerable number of ECUs (Electronic Control Units) which are connected through various means of communication, with the CAN (Controller Area Network) protocol being the most widely used. However, several vulnerabilities such as the lack of authentication and the lack of data encryption have been pointed out by several authors, which ultimately render vehicles unsafe to their users and surroundings. Moreover, the lack of security in modern automobiles has been studied and analyzed by other researchers as well as several reports about modern car hacking have (already) been published. The contribution of this work aimed to analyze and test the level of security and how resilient is the CAN protocol by taking a BMW E90 (3-series) instrument cluster as a sample for a proof of concept study. This investigation was carried out by building and developing a rogue device using cheap commercially available components while being connected to the same CAN-Bus as a man in the middle device in order to send spoofed messages to the instrument cluster.