码迷,mamicode.com
首页 > 其他好文 > 详细

汽车信息安全攻击研究、实例总结

时间:2019-12-08 01:27:35      阅读:106      评论:0      收藏:0      [点我收藏+]

标签:ever   rap   mis   sed   graph   dep   参考   pos   manage   

本文主要总结汽车信息安全相关的攻击研究和实例。(持续更新中)

A Tire Pressure Monitoring System Case Study - 2010 [1]

Tire Pressure Monitoring Systems (TPMS) are the first in-car wireless network to be integrated into all new cars in the US and will soon be deployed in the EU. This paper has evaluated the privacy and security implications of TPMS by experimentally evaluating two representative tire pressure monitoring systems. Our study revealed several security and privacy concerns. First, we reverse engineered the protocols using the GNU Radio in conjunction with the Universal Software Radio Peripheral (USRP) and found that: (i) the TPMS does not employ any cryptographic mechanisms and (ii) transmits a fixed sensor ID in each packet, which raises the possibility of tracking vehicles through these identifiers. Sensor transmissions can be triggered from roadside stations through an activation signal. We further found that neither the heavy shielding from the metallic car body nor the lowpower transmission has reduced the range of eavesdropping sufficiently to reduce eavesdropping concerns. In fact, TPMS packets can be intercepted up to 40 meters from a passing car using the GNU Radio platform with a low-cost, low-noise amplifier. We note that the eavesdropping range could be further increased with directional antennas, for example.

We also found out that current implementations do not appear to follow basic security practices. Messages are not authenticated and the vehicle ECU also does not appear to use input validation. We were able to inject spoofed messages and illuminate the low tire pressure warning lights on a car traveling at highway speeds from another nearby car, and managed to disable the TPMS ECU by leveraging packet spoofing to repeatedly turn on and off warning lights.

原文地址: 百度学术可以搜索到大量免费下载地址

参考

[1] Rouf I , Miller R D , Mustafa H A , et al. Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study[C]// 19th USENIX Security Symposium, Washington, DC, USA, August 11-13, 2010, Proceedings. DBLP, 2010.
[2] Craig Smith 著, 杜静,李博译. 汽车黑客大曝光. 2017

汽车信息安全攻击研究、实例总结

标签:ever   rap   mis   sed   graph   dep   参考   pos   manage   

原文地址:https://www.cnblogs.com/byronsh/p/vehicle-security-attack-research-example.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!