IIT Home Page CNR Home Page

CANDY CREAM - Hacking Infotainment Android Systems to Command Instrument Cluster via Can Data Frame

Modern vehicles functionalities are regulated by Electronic Control Units (ECU), from a few tens to a hundred, commonly interconnected through the Controller Area Network (CAN) communication protocol. CAN is not secure-by-design: authentication, integrity and confiden- tiality are not considered in the design and implementation of the protocol. This represents one of the main vulner- ability of modern vehicle: getting the access (physical or remote) to CAN communication allows a possible malicious entity to inject unauthorised messages on the CAN bus. These messages may lead to unexpected and possible very dangerous behaviour of the target vehicle. In this paper, we present CANDY CREAM, an attack made of two parts: CANDY aiming at exploiting a vulnerability exposed by an infotainment system based on Android operating system connected to the vehicle’s CAN bus network, and CREAM, a post-exploitation script that injects customized CAN frame to alter the behaviour of the vehicle.

IEEE International Conference on Computational Science and Engineering, CSE 2019, and IEEE International Conference on Embedded and Ubiquitous Computing, EUC 2019,, New York, USA, 2019

Autori IIT:

Tipo: Contributo in atti di convegno
Area di disciplina: Computer Science & Engineering

File: CandyCreamCR.pdf

Attività: Architetture, protocolli e meccanismi di sicurezza per sistemi e servizi distribuiti