Abstract
Modern vehicles resemble four-wheeled computers connected to the Internet via their In-Vehicle Infotainment (IVI) systems. As with PCs in the past, cars that are connected to the Internet can potentially be vulnerable. The IVI system of a car is part of the intra-vehicle network and can be the entry point for cyberattacks. The intra-vehicle network, based on the CAN protocol, is vulnerable by design: messages are exchanged in the clear. Thus, uncontrolled access to the CAN bus may have a serious impact on the vehicle itself and its passengers. In this paper, we present a vulnerability assessment, through a reverse engineering process, of the IVI system of Kia vehicles. In particular, we focused on reverse engineering the Kia IVI system to discover vulnerabilities that may allow an attacker to compromise the IVI functionalities and inject CAN frames into the CAN bus to alter the behaviour of (part of) the vehicle. By reverse engineering the IVI, we identified four important vulnerabilities that affect all Kia vehicles that embed the studied IVI. Finally, we show how an attacker can easily control the IVI and inject CAN bus frames by means of a Metasploit module that we wrote.
Publisher
Springer Science and Business Media LLC
Subject
Computational Theory and Mathematics, Hardware and Architecture, Software, Computer Science (miscellaneous)
Cited by
5 articles.