汽车信息安全攻击研究实例总结

Posted byronsh

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了汽车信息安全攻击研究实例总结相关的知识,希望对你有一定的参考价值。

本文主要总结汽车信息安全相关的攻击研究和实例。(持续更新中)

A Tire Pressure Monitoring System Case Study - 2010 [1]

Tire Pressure Monitoring Systems (TPMS) are the first in-car wireless network to be integrated into all new cars in the US and will soon be deployed in the EU. This paper has evaluated the privacy and security implications of TPMS by experimentally evaluating two representative tire pressure monitoring systems. Our study revealed several security and privacy concerns. First, we reverse engineered the protocols using the GNU Radio in conjunction with the Universal Software Radio Peripheral (USRP) and found that: (i) the TPMS does not employ any cryptographic mechanisms and (ii) transmits a fixed sensor ID in each packet, which raises the possibility of tracking vehicles through these identifiers. Sensor transmissions can be triggered from roadside stations through an activation signal. We further found that neither the heavy shielding from the metallic car body nor the lowpower transmission has reduced the range of eavesdropping sufficiently to reduce eavesdropping concerns. In fact, TPMS packets can be intercepted up to 40 meters from a passing car using the GNU Radio platform with a low-cost, low-noise amplifier. We note that the eavesdropping range could be further increased with directional antennas, for example.

We also found out that current implementations do not appear to follow basic security practices. Messages are not authenticated and the vehicle ECU also does not appear to use input validation. We were able to inject spoofed messages and illuminate the low tire pressure warning lights on a car traveling at highway speeds from another nearby car, and managed to disable the TPMS ECU by leveraging packet spoofing to repeatedly turn on and off warning lights.

原文地址: 百度学术可以搜索到大量免费下载地址

参考

[1] Rouf I , Miller R D , Mustafa H A , et al. Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study[C]// 19th USENIX Security Symposium, Washington, DC, USA, August 11-13, 2010, Proceedings. DBLP, 2010.
[2] Craig Smith 著, 杜静,李博译. 汽车黑客大曝光. 2017

以上是关于汽车信息安全攻击研究实例总结的主要内容,如果未能解决你的问题,请参考以下文章

信息安全技术RSA算法的研究及不同优化策略的比较

车联网安全知识点总结

20191324《信息安全专业导论》第十二周学习总结

实例演示Android安全须知

这5个汽车组件单元最易遭到网络攻击

腾讯安全科恩实验室发布最新研究成果,针对奔驰车载娱乐系统的安全研究