
Security Issues in Modern Automotive Systems

Patrick Nisch
Computer Science and Media
Stuttgart Media University (HdM)
Email: [email protected]

Abstract—Today's cars no longer differ from each other only by their exterior or their engine, but also by their technical features. The big car manufacturers have recognized this trend and try to outdo their competitors. Modern cars consist of dozens of digital computers and sensors that control and monitor the internal systems and increase the safety and convenience of the customers. On the other hand, these features introduce new potential risks. This paper provides an overview of current security issues and attack scenarios and aims to raise awareness of the increased surface for malicious attacks in the current and future generations of cars.

This paper is based on the lecture "Secure Systems" taught by Professor Walter Kriha at the Media University Stuttgart (HdM).

November 24, 2011

I. INTRODUCTION

The technology in automotive systems will be the next domain in which we will be connected to the world. The new Mercedes-Benz F 125! research vehicle shown at this year's IAA (Internationale Automobil-Ausstellung in Frankfurt) provides an outlook on the future of car infotainment. It shows what vehicles could look like in the year 2025 and beyond. The slogan of the cloud-based infotainment system is "Always online, always connected". The vision, as seen by Mercedes-Benz, is described as follows:

In the future, the driver will be able to start with the traffic report or retrieve personal messages before the selected music program begins. The weather report will then automatically come on before the journey ends, for example. Thanks to the mood-based configuration function "Moods", such individual adjustments will be completed in a matter of seconds in future. The F125! also opens up completely new dimensions when it comes to external communication and the use of social networks. With the help of the Social Community Assistant, the driver alone can decide who is allowed to "disturb" him, or who receives information. [1]

For the vision to come true, the car needs to satisfy three main requirements:

First, the car needs to be highly instrumented. More and more embedded computer chips find their way into today's modern cars. Embedded devices are used in almost every area of vehicles, including airbags, the radio, power seats, anti-lock braking system, cameras, autonomous cruise control and electronic stability control. Extra features of the last decade like air conditioning, heated seats and automatic gear are commonly standard today, and the price for extras is now attached to specialized embedded technologies like Bluetooth, GPS navigation or in-vehicle infotainment systems. The value of a car relies heavily on its electronics. A recent estimate assumes that a typical premium car now contains 70-100 independent electronic control units (ECUs) coordinating and monitoring components and sensors [2].

Secondly, it needs to become "intelligent" in the sense that it accumulates data from different sensors and computer units to interpret whole situations and react quickly. This covers many areas of a car: it will make fuel consumption more efficient, provide real-time information about traffic and news, increase safety through accident prevention, improve convenience through recommendation systems for music, etc.

And finally, the car needs to be interconnected via different protocols, like Ethernet, WiFi, GSM, 3G, Bluetooth, radio, or even infrared, to communicate with all kinds of systems, devices, back-ends, etc. Internet-based services also find their way into today's cars. Mobile Internet flat rates are becoming affordable and reception coverage is spreading to rural areas as well. Additionally, the introduction of Long Term Evolution (LTE) enhances this development and increases upload and download speeds considerably.

The design, development and management of the embedded technology (including software, sensors, semiconductors, mechanical systems, etc.) also adds a layer of complexity, cost and risk to modern cars. Embedded systems like these are physically and systematically close neighbours. Most vehicles implement multiple buses, each of which hosts a subset of the ECUs. Because many features, like hands-free functions and displaying messages on the console, require complex interactions, these buses must be interconnected to support the complex coupling between pairs of ECUs. This complexity warrants attention to security. If one unit is compromised, the others are within easy reach [3]. A recently published analysis by computer security company McAfee warns that the large number of chips in modern cars greatly increases their attack surface. The report further states that there have been no malicious attacks on vehicles equipped with original factory components so far, yet mentions that a disgruntled former employee of a car dealership disabled 100 cars by manipulating an aftermarket security system that had been installed previously [4].

Lecture: Secure Systems - Security Issues in Modern Automotive Systems

Whereas the embedded hardware is one critical aspect of concern, the required software is another. The software needed for modern cars is extensive and can contain up to 100 million lines of code, increasing at a fast pace. Frost and Sullivan estimates that cars will require 200 million to 300 million lines of software code in the near future. For today's cars the cost of software and electronics can already reach up to 40% of the cost of a car [2]. IBM also says that "as software becomes the key ingredient in product innovation, traditional manufacturers are essentially becoming software companies!" [5].

A. Related Work

The Center for Automotive Embedded Systems Security (CAESS) is a collaboration between researchers at the University of California San Diego and the University of Washington. Their aim is to help ensure the security, privacy, and safety of future automotive embedded systems. So far, two publications have been released, which are quoted throughout this paper. The first one was published in 2010 and analysed the internal resilience of a conventional automobile against a digital attack on its internal components, presuming that the attacker has physical access to the car's internal network. The paper concludes that the internal networks in some modern cars are insecure and demonstrates the ability to adversarially control a wide range of automotive functions, including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, etc. [3].

The scenario of an attacker having physical access to the car's internal network was widely criticized as unrealistic. Therefore a second paper was published in 2011. This time the focus lay on analysing the remote attack surface of modern cars. The paper provides an extensive overview of different threat models via indirect physical access (e.g. OBD-II and audio files), short-range wireless access (e.g. Bluetooth), and long-range wireless access (e.g. cellular). Their results are partly alarming and are presented in Section III [6].

II. MODERN CARS

The automobile industry adds new features to increase customers' convenience. The user experience we are used to from our mobile devices like smartphones and tablets is expected to be available in cars as well. Therefore, car manufacturers put a lot of effort into developing similar HMIs (Human Machine Interfaces) for their in-car entertainment systems. The problem is that the development time for new car models is several years. The decision on which features to include and which to abandon needs to be finalized about two years before the roll-out. This circumstance makes it hard to follow the rapid developments of consumer electronics. Some developments to circumvent these barriers are described below:

Fig. 1. OnStar MyLink displays information about the connected car such as oil and fuel status, average fuel economy, and mileage. In addition, the OnStar MyLink enables you to honk the vehicle's horn, lock and unlock doors, and on some models, remotely start the car.

A. MirrorLink

MirrorLink (http://www.terminalmode.org/) provides in-vehicle mobile device adaptation for an interactive multi-modal experience using two-way communication between the vehicle's in-dash display and applications running on the smartphone. MirrorLink is the new name of the Terminal Mode 1.0.1 standard from the open Car Connectivity Consortium (CCC). CCC member companies represent many of the major automotive OEMs, mobile device manufacturers, and consumer electronics technology providers (charter members are: Alpine, Daimler, General Motors, Honda, HTC, Hyundai Motor Company, LG Electronics, Nokia, Panasonic, PSA, Samsung, Toyota, Volkswagen); only one larger consumer electronics provider, namely Apple Inc., refuses to take part in the CCC. The goal is to improve the overall consumer experience when connecting mobile devices to in-vehicle infotainment systems. Using the car's own controller increases the safety of using mobile devices while driving. Such broad industry support for developing an open standard makes sure that the technology will last for many years, and other manufacturers may join as well.

B. Smartphone Applications

The borders of a car are defined not only by its physical dimensions, but also by its wireless capabilities. Many manufacturers offer cell-phone-based communication, for instance GM's OnStar MyLink (Fig. 1), Ford's SYNC, BMW's Assist, Lexus' Enform, Toyota's Safety Connect, and Mercedes' mbrace. The possibilities of these mobile apps include:

• Sending navigation data from any destination

• Unlocking the car with a unique remote key, identifying the passenger and adjusting the preferred seat and mirror positions

• Remotely slowing down stolen cars, blocking the ignition and obtaining the exact coordinates of the car's location

• Starting the car and setting charging times remotely via smartphone for plug-ins like the Chevy Volt

• Ford's MyKey allows specially programmed functions such as limiting the maximum speed or, depending on the key used, keeping the radio silent if the passengers are unbelted

• Automated emergency calls after heavy accidents (if the airbags have inflated)

Some car makers also include in-car WiFi hot spots in their vehicles that provide Internet access for all the passengers' devices.

Internet

As described in the introduction, cars are the next big environment that will be conquered by the Internet.

C. Third-Party Applications

Another way to keep pace with the development of consumer electronics is to open the infotainment system to third-party applications. Whether to open the system is not an easy question to answer, especially concerning security aspects. Malicious software must be prevented from finding its way into the car's system. The car manufacturers also have a strong interest in applications that do not affect the brand's customer experience, so applications must achieve a certain level of quality and must not distract the driver. So far, most of the available third-party applications come from big players like Twitter and Pandora, and they are often tightly integrated into the surrounding system. One way for car manufacturers to enable third-party applications is to provide an SDK for developers and strictly review submissions before approval.

III. SECURITY ISSUES

In this section seven different areas are considered and examined for security issues or vulnerabilities:

A. TPMS (Tire Pressure Monitoring System)

In the USA, systems for monitoring tire pressure have been obligatory since 2008. From 2012 on they shall be obligatory in Europe as well. Scientists from the University of South Carolina and Rutgers University in Piscataway found that this system can be used to manipulate the ECU of a vehicle [7]. The TPMS consists of a sensor, a transmitter (sending at 125 kHz) and an antenna (receiving at 433 MHz) located in the wheel case or in the wheel itself (Figure 2). The sensor measures the pressure and sends the information periodically to the ECU. But the communication is not secured: the data protocol is neither encrypted nor signed.

Security Issue I: Because messages are not authenticated and the vehicle's ECU performs no input validation, the scientists were able to inject spoofed messages and repeatedly turn the vehicle's low tire pressure warning light on and off. The driver will naturally assume that the tire has too little pressure and drive to the next service station to fill it up again.

Fig. 2. Overview of a TPMS system used in the VW Phaeton [8].

Security Issue II: Every tire sensor has its own unique 32-bit identifier, which is sent in every packet. Sensor transmissions can be triggered from roadside stations through an activation signal. The messages can be intercepted up to 40 meters from a passing car. Widely distributed third-party receivers could therefore recognize cars and create a detailed movement profile of a car without anyone being aware of it.

Tracking vehicles was possible before through visible license plate identification, but tracking through TPMS identifiers is a low-cost solution and harder to deactivate than other wireless car components. The scientists recommend applying standard reliable software design practices and basic cryptographic security mechanisms to prevent these security issues.
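The recommendation above can be made concrete with a receiver that only accepts readings which are authentic, fresh and plausible. The following is an added example, not code from this paper or from the cited study; the frame layout, the per-sensor keys, the 8-byte truncated HMAC tag and the plausibility range are assumptions made for illustration, and all frames are constructed sample data.

```python
import hashlib
import hmac
import struct

# Assumed frame layout for this example (NOT the real TPMS air protocol):
#   sensor_id uint32 | counter uint32 | pressure_kpa uint16 | temp_c int8 | tag[8]
HEADER = struct.Struct(">IIHb")
TAG_LEN = 8                      # truncated HMAC-SHA256 tag (assumption)
PRESSURE_RANGE_KPA = (0, 450)    # assumed plausible range for a passenger car


def make_tag(key: bytes, body: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


def build_frame(key, sensor_id, counter, pressure_kpa, temp_c):
    """Sensor side: serialise the reading and append the authentication tag."""
    body = HEADER.pack(sensor_id, counter, pressure_kpa, temp_c)
    return body + make_tag(key, body)


class TpmsReceiver:
    """ECU side: accept a reading only if it is authentic, fresh and plausible."""

    def __init__(self, sensor_keys):
        # sensor_id -> key, assumed to be provisioned when the wheels are paired
        self.sensor_keys = dict(sensor_keys)
        self.last_counter = {}

    def accept(self, frame: bytes) -> str:
        if len(frame) != HEADER.size + TAG_LEN:
            return "reject: malformed"
        body, tag = frame[:HEADER.size], frame[HEADER.size:]
        sensor_id, counter, pressure_kpa, _temp_c = HEADER.unpack(body)
        key = self.sensor_keys.get(sensor_id)
        if key is None:
            return "reject: unknown sensor"
        # Constant-time comparison of the received and the expected tag.
        if not hmac.compare_digest(tag, make_tag(key, body)):
            return "reject: bad tag"
        # The counter must strictly increase, so a recorded frame cannot be reused.
        if counter <= self.last_counter.get(sensor_id, -1):
            return "reject: replay"
        self.last_counter[sensor_id] = counter
        # Input validation: even an authentic frame must carry a sane value.
        low, high = PRESSURE_RANGE_KPA
        if not low <= pressure_kpa <= high:
            return "reject: implausible"
        return "accept"


def demo():
    """Feed constructed frames to the receiver and return its verdicts in order."""
    sensor_id, key = 0x1A2B3C4D, bytes(range(16))            # constructed values
    rx = TpmsReceiver({sensor_id: key})
    genuine = build_frame(key, sensor_id, 1, 230, 21)
    tampered = genuine[:9] + b"\x5a" + genuine[10:]           # pressure byte altered
    spoofed = build_frame(b"\x00" * 16, sensor_id, 2, 90, 21)  # sender lacks the key
    stranger = build_frame(key, 0xDEADBEEF, 1, 230, 21)        # unpaired sensor id
    broken = build_frame(key, sensor_id, 2, 60000, 21)         # authentic but absurd
    frames = [genuine, genuine, tampered, spoofed, stranger, broken, genuine[:-1]]
    return [rx.accept(f) for f in frames]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The sensor identifier is still sent in the clear in this layout, so the sketch addresses the spoofing of Security Issue I but not the tracking described in Security Issue II.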

B. GPS (Global Positioning System)

The Global Positioning System is a space-based global navigation satellite system (GNSS) that provides location and time information anywhere on the Earth where there is an unobstructed line of sight to four or more GPS satellites. The GPS project was developed in 1973 to overcome the limitations of previous navigation systems and was officially released on 17 July 1995. Subsequently, it was made fully available to civilians in 2007. Although GPS includes security features for encryption, they are only used for military purposes; the signals for civilians are transmitted in the clear. A GPS receiver calculates its position by precisely timing the signals sent by GPS satellites high above the Earth. Each satellite continually transmits messages including the time of transmission and precise orbital information. The receiver uses the messages it receives to determine the transit time of each message and computes the distance to each satellite. These distances, combined with the satellites' locations, are used to compute the position of the receiver [9].

The main purpose of GPS is navigation, but today it is also used for an ever-broadening list of applications, including management of the power grid and tracking criminals under house arrest. The received GPS information is treated as ground truth and can have a large legal impact: it may be relevant to tax law when used for electronic drivers' logbooks and to labour law when used for fleet tracking, and the information recorded in black boxes is admissible as evidence in case of accidents.

Security Issue III: Researchers at Cornell University demonstrated that the system can be spoofed to produce erroneous readings. To do so, a briefcase-size GPS receiver (originally used in ionospheric research) was programmed to send out fake signals. The receiver can then be placed in the proximity of a navigation device, where it can track, modify, and retransmit the signals being transmitted from the GPS satellite network. The fake GPS signals will be accepted as authentic ones. [10]

The issue of GPS receiver spoofing has been known for years. As early as 2003, an article from Los Alamos National Laboratory addressed the vulnerability, describing seven "countermeasures" to recognize suspicious activity [11]. But, according to the Cornell researchers, such countermeasures would not have successfully guarded against the signals produced by their reprogrammed receiver.

C. Keyless Entry Systems

Car entry systems use RFID technology to gain remote access to the car. The car periodically emits beacons on the low-frequency channel (120 to 135 kHz). When the key is in range, it wakes up, demodulates the signals and interprets them. A response to that challenge is then computed and sent back on the ultra-high-frequency channel (315 or 433 MHz). If the response is valid, the car unlocks the doors. To start the engine, the key must be inside the car and must reply to different types of messages.

Security Issue IV: In February this year a paper was published about relay attacks on passive keyless entry in modern cars. Three researchers from ETH Zurich were able to break into 10 vehicles made by 8 different manufacturers and drive away. To do so, it is necessary to intercept and relay the radio signals from the smart keys to the cars. Although the concept of relay attacks is not new, this is the first very practical realization of the theory. In fact, the cost of the required material is just about 100 dollars. A relay attack needs a paired set of radio devices. One device is located next to the car and the other one next to the key, as shown in Figure 3. The devices intercept the radio signals emitted by the car and the responses from the key and extend those signals so that the key and the car believe they are within authorized range. Without breaking any cryptography, the captured signal can then be used to enter the vehicle and start the engine, bypassing any further security systems. [12]

Fig. 3. Relay attack using a paired set of radio devices.

Another way of getting access to a keyless car system was shown by researchers at Ruhr University Bochum. The paper presents the first successful differential power analysis attack on numerous commercial products using KeeLoq, a remote keyless entry system used for access control purposes such as garage openers or car door systems. As shown in Figure 4, the key calculates a hash from a starting value and a secret key. The hash value is transmitted and becomes the new starting value for the next hash. The car calculates the next 5 hash values for every correctly received hash. If many hash values cannot be received correctly, the car must be opened mechanically. When the key is in the ignition lock it gets reloaded and resynchronized.

Fig. 4. Calculating key with KeeLoq algorithm.

Security Issue V: The researchers succeeded in key cloning by eavesdropping on only two messages from a distance. Combining side-channel cryptanalysis with specific properties of the proprietary KeeLoq algorithm allows the secret key of a remote transmitter and the manufacturer key stored in a receiver to be revealed efficiently. In addition, a denial-of-service attack on KeeLoq systems is introduced, whereby the owner of the original transmitter needs to press the button 2^15 times to produce a valid code message, leaving the impression that the device is out of service.
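The hopping scheme described above (each transmitted value seeds the next one, and the car looks 5 values ahead) can be modelled in a few lines to show why replayed codes are rejected and how key and car fall out of step. This is an added example, not code from this paper or from the cited study; it uses a truncated HMAC-SHA256 as a stand-in for the KeeLoq cipher, and the class names, the 4-byte code length and the key material are assumptions.

```python
import hashlib
import hmac

WINDOW = 5   # the car pre-computes the next 5 values, as described above


def next_code(secret: bytes, state: bytes) -> bytes:
    # Stand-in keyed hash for this example; the real system uses the KeeLoq cipher.
    return hmac.new(secret, state, hashlib.sha256).digest()[:4]


class KeyFob:
    def __init__(self, secret: bytes, start: bytes):
        self.secret, self.state = secret, start

    def press(self) -> bytes:
        # The transmitted value becomes the starting value for the next press.
        self.state = next_code(self.secret, self.state)
        return self.state


class CarReceiver:
    def __init__(self, secret: bytes, start: bytes):
        self.secret, self.state = secret, start

    def receive(self, code: bytes) -> bool:
        """Accept a code only if it is one of the next WINDOW expected values."""
        candidate = self.state
        for _ in range(WINDOW):
            candidate = next_code(self.secret, candidate)
            if hmac.compare_digest(candidate, code):
                self.state = candidate      # move forward; older codes are now dead
                return True
        return False

    def resync(self, fob: KeyFob) -> None:
        """Key in the ignition lock: reload the receiver state from the key."""
        self.state = fob.state


def demo():
    """Walk through the cases from the text with constructed key material."""
    secret, start = b"constructed-demo-key", b"\x00\x00\x00\x01"
    fob, car = KeyFob(secret, start), CarReceiver(secret, start)
    results = {}

    code = fob.press()
    results["first_press"] = car.receive(code)
    results["same_code_replayed"] = car.receive(code)

    for _ in range(WINDOW - 1):             # 4 presses the car never hears
        fob.press()
    results["fifth_value_ahead"] = car.receive(fob.press())

    for _ in range(WINDOW):                 # 5 presses the car never hears
        fob.press()
    results["sixth_value_ahead"] = car.receive(fob.press())

    car.resync(fob)                         # mechanical entry, key in ignition
    results["after_resync"] = car.receive(fob.press())
    return results


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The window only protects against replay of codes the car has already moved past; it offers nothing against the relay of Security Issue IV or against recovery of the secret key as in Security Issue V.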

D. On-Board Diagnostics (OBD-II)

In all modern cars in the United States an On-Board Diagnostics port can be found under the dash, providing direct and standard access to internal automotive networks. This interface provides direct access to the vehicle's CAN (Controller Area Network) buses. The OBD-II port is accessed by service personnel during routine maintenance to diagnose and update individual ECUs. In modern cars the connection is established by specific diagnostics hardware devices via USB or WiFi and the OBD-II port (all new cars in the U.S. support the SAE J2534 "PassThru" standard, a Windows API that provides a standard, programmatic interface to communicate with a car's internal buses). Once connected, software on the computer can eavesdrop on or program the car's ECUs. The communication is unauthenticated. The researchers from CAESS show that an attacker connected to this internal network can circumvent all computer control systems, including safety-critical elements such as the brakes and engine. Figure 5 shows such an exploit with the CarShark tool, a custom CAN bus analyser and packet injection tool. [6]

Security Issue V: If an attacker manages to connect to the same WiFi network as the diagnostics device, it is also possible to connect to the device itself. As soon as the device is connected to a car, the attacker has the same connection and is able to gain control over the car's reprogramming.

Security Issue VI: It is also possible to compromise the diagnostic device itself. At the beginning of the communication, the device multicasts a UDP packet on the network. For receiving client requests the device sends its IP address and TCP port. The client then connects to the port and uses the PassThru DLL to configure it and to start communication with the vehicle. The communication itself is unauthenticated and relies only on the external network security for any access control. The only limitation is that only one connection at a time is allowed to the device, and thus the attacker needs to wait for an unused connection. The device then exports a proprietary, unauthenticated API for configuring its network state. Input validation bugs in the implementation of this protocol allow an attacker to run commands via shell injection. By implanting malicious code, every car subsequently connected for service is affected. [6]

E. Audio System

CD players have long been shipped in virtually all cars. Later models provide, next to an MP3-capable CD player, some digital ports as well, e.g. USB or an iPod docking port, to allow customers to use their usual audio player with the car infotainment system. The researchers examined the firmware for input vulnerabilities and were able to exploit the system. [6]

Security Issue VII: By adding code to a digital music file (CD or MP3 file), it can be turned into a Trojan horse. Input vulnerabilities in the media player's firmware then allow the execution of arbitrary code. The researchers demonstrated an attack by modifying a WMA audio file. Played on a car's media player, the file sends arbitrary CAN packets to compromise the car's systems, whereas played on a PC the file plays normally. Mass distribution of such modified files over peer-to-peer networks would be quite easy, with devastating consequences. [6]

The threat of a compromised media system alone is limited, but, as described previously, the internal network connections of media components are today also linked to the CAN bus to enable cross-system functionality. If only one bus is compromised, it is possible to gain access to components of another [3].

Fig. 5. CarShark exploit by the CAESS researchers. The car displays arbitrary messages and false speedometer readings. (Note that the car was in parking mode.) [3]

F. Bluetooth

Another common feature in head units of modern cars is the use of Bluetooth devices such as mobile phones to enable hands-free calling. To use a Bluetooth device with the car system, the devices must be paired. For this, the car provides a random PIN, which must then be entered manually on the external Bluetooth device. In the examined car, the researchers from CAESS identified the program responsible for the Bluetooth functionality. Whereas the Bluetooth protocol used is a widely used implementation, the interface and the rest of the application are custom-built. In the custom-built part of the software code the researchers found unsafe strcpy vulnerabilities which are easily exploitable. [6]

Security Issue VIII: While direct access to the car's Bluetooth system might be difficult, the researchers showed a way to attack the system indirectly. The first step is to compromise the customer's mobile phone. A Trojan horse implemented for the Android platform checks the phone for connected Bluetooth devices; if it recognizes the other party as a head unit, it sends the attack code. Applications hiding a Trojan horse have been found on Android Market before [13].

Security Issue IX: For a direct attack on a Bluetooth device two steps are necessary. First, the MAC address of the device must be obtained. The researchers showed two ways to get the required information. With the help of the open-source Bluesniff package and a USRP-based software radio it is possible to sniff the MAC address when the car is started in the presence of a previously paired device. Another way to capture the MAC address is by sniffing and analysing Bluetooth traffic of devices which were previously paired with the car and are still enabled. Once the MAC is known, the next step is to get around the random PIN. For this, the researchers used a simple laptop to issue brute-force pairing requests. They were successful after an average of approximately 10 hours per car. Because the attack takes such a long time and requires the car to be running, it is also possible to parallelize it by sniffing the MAC addresses of multiple cars at the same time. If a thousand such cars leave a parking garage at the end of a day, they expect to brute-force the PIN of at least one car within a minute.

When the pairing with the car's Bluetooth device has succeeded, the car can be compromised in the same way as shown above. [6]

G. Cellular

As described above, the cellular capabilities of a car's telematics unit increase the safety and convenience features of modern cars. But these features also increase the attack surface. Through a cell phone interface the head unit is able to use 3G for Internet connections and the voice channel for safety functions (e.g. crash notifications). In most sedans in North America the transformation from analogue to digital is performed by Airbiquity's aqLink software modem. To switch the call into data mode, an in-band, tone-based signalling protocol is used. In the paper from CAESS, the researchers examined and reverse engineered the aqLink protocol and the overlying command protocol (information about the state of the car) to build an aqLink-compatible software modem and find vulnerabilities [6].

Authentication process: When calling a car (the phone number is available via caller ID) in data mode, the car sends a message with a random, three-byte authentication challenge packet. The Telematics Call Center (TCC), operated by the manufacturer, generates a response by hashing the challenge along with a 64-bit pre-shared key. If an incorrect authentication response is received, or a response is not received within the prescribed time limit, the Command program will send an error packet.

Security Issue X: The authentication process is flawed because the 'random' number generator is re-initialized whenever the telematics unit starts. An attacker can sniff the cellular link during a TCC-initiated call and observe the response packet. He can then authenticate himself as the TCC whenever the telematics unit is turned on.
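The weakness in Security Issue X comes down to the challenge repeating after every power-on, which makes a previously valid response valid again. The following added example (not code from this paper, from CAESS or from any telematics vendor) models the described exchange with the re-initialized generator next to a hardened variant, and provides two checks a developer could run as a regression test. HMAC-SHA256 as the response function, the fixed seed, the 16-byte challenge of the hardened variant and all names are assumptions; the key is a constructed value.

```python
import hashlib
import hmac
import os
import random

PSK = bytes.fromhex("00112233aabbccdd")    # constructed 64-bit pre-shared key


def tcc_response(psk: bytes, challenge: bytes) -> bytes:
    # Stand-in for "hashing the challenge along with the key" (assumption).
    return hmac.new(psk, challenge, hashlib.sha256).digest()


class TelematicsUnit:
    """Common challenge-response logic; subclasses decide how challenges are made."""

    def __init__(self, psk: bytes):
        self.psk = psk
        self.pending = None
        self.power_on()

    def power_on(self) -> None:
        self.pending = None

    def _fresh_challenge(self) -> bytes:
        raise NotImplementedError

    def start_call(self) -> bytes:
        self.pending = self._fresh_challenge()
        return self.pending

    def check_response(self, resp: bytes) -> bool:
        challenge, self.pending = self.pending, None    # one attempt per challenge
        if challenge is None:
            return False
        return hmac.compare_digest(resp, tcc_response(self.psk, challenge))


class ReseededUnit(TelematicsUnit):
    """Behaviour described in the text: generator re-initialized on every start."""

    def power_on(self) -> None:
        super().power_on()
        self.rng = random.Random(0)         # same state after every power-on

    def _fresh_challenge(self) -> bytes:
        return bytes(self.rng.getrandbits(8) for _ in range(3))   # three bytes


class HardenedUnit(TelematicsUnit):
    """Challenge from the OS entropy source, and longer than three bytes."""

    def _fresh_challenge(self) -> bytes:
        return os.urandom(16)


def first_challenges(unit: TelematicsUnit, boots: int = 3) -> list:
    """Regression check 1: the first challenge after each power-on must differ."""
    seen = []
    for _ in range(boots):
        unit.power_on()
        seen.append(unit.start_call())
    return seen


def recorded_response_still_valid(unit: TelematicsUnit) -> bool:
    """Regression check 2: a response from an earlier call must fail after a restart."""
    unit.power_on()
    recorded = tcc_response(unit.psk, unit.start_call())   # genuine TCC answer
    if not unit.check_response(recorded):
        raise RuntimeError("genuine response was not accepted")
    unit.power_on()                                         # unit restarts
    unit.start_call()
    return unit.check_response(recorded)


if __name__ == "__main__":
    for cls in (ReseededUnit, HardenedUnit):
        unit = cls(PSK)
        distinct = len(set(first_challenges(unit)))
        print(cls.__name__, "distinct first challenges:", distinct,
              "| old response accepted:", recorded_response_still_valid(unit))
```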

Security Issue XI: Another grave bug in the process was found by the researchers, which allows authentication without sniffing the challenge at all. For approximately one out of 256 challenges the incorrect responses will be accepted as valid. As long as the telematics unit is not shut down, the authentication test can be bypassed and the exploit can be transmitted. [6]

IV. CONCLUSION

Cars are becoming highly computerized and connected, but new features bring new risks. The importance of the security aspect increases as new features (see Section II, Modern Cars) gain access to the in-car infotainment systems in the years to come. With the arrival of the Internet in modern cars, they could be vulnerable to hackers just as normal computers are today. [14]

Most of the presented security issues exist only because security features were not properly implemented. The papers referenced for each issue therefore provide recommendations for security mechanisms that can alleviate most of the security and privacy concerns described in this paper. Car manufacturers are thus encouraged to watch the interfaces to their internal systems conscientiously. The CAESS researchers say that the modern car industry has put extensive effort into designing safely tolerant components, but did not take into account intentional attacks by hackers who want to take over the system [3]. The goal must be to reduce the attack surface as much as possible. The loss of reputation from a possible security scandal or a broad product recall would be many times more expensive than putting more effort into diligent implementations.

REFERENCES

[1] Mercedes Benz Homepage, Online: http://media.daimler.com/dcmedia/0-921-1417474-1-1422637-1-0-1-1422684-0-1-11694-614226-0-1-0-0-0-0-0.html?TS=1317216008611

[2] Robert N. Charette, “This Car Runs on Code”, Online: http://spectrum.ieee.org/green-tech/advanced-cars/this-car-runs-on-code, February 2009.

[3] K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, and S. Savage, “Experimental security analysis of a modern automobile”, at IEEE Symposium on Security and Privacy. IEEE Computer Society, Online: http://www.autosec.org/publications.html, 2010.

[4] McAfee, Report: “Caution: Malware Ahead”, Online: http://www.mcafee.com/us/resources/reports/rp-caution-malware-ahead.pdf, 2011.

[5] Scott Hebner, White Paper: “Smarter Products - The Building Blocks for a Smarter Planet”, 2009.

[6] K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, and S. Savage, “Comprehensive Experimental Analyses of Automotive Attack Surfaces”, at IEEE Symposium on Security and Privacy, Online: http://www.autosec.org/publications.html, 2011.

[7] Ishtiaq Rouf, Rob Miller, Hossen Mustafa, Travis Taylor, Sangho Oh, Wenyuan Xu, Marco Gruteser, Wade Trappe, Ivan, “Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study”, at USENIX, 2010.

[8] Online: http://forums.vwvortex.com/showthread.php?1817987-Tire-Pressure-Monitoring-System-

[9] Global Positioning System on Wikipedia, Online: http://en.wikipedia.org/wiki/Global_Positioning_System, 2011.

[10] Todd E. Humphreys, Brent M. Ledvina, Mark L. Psiaki, Brady W. O’Hanlon, and Paul M. Kintner, Jr., “Assessing the Spoofing Threat: Development of a Portable GPS Civilian Spoofer”, at GNSS Conference Savanna, 2008.

[11] Jon S. Warner, Roger G. Johnston, Homelandsecurity: “GPS Spoofing Countermeasures”, at Los Alamos National Laboratory, Online: http://www.homelandsecurity.org/bulletin/Dual%20Benefit/warnergps spoofing.html, 2003.

[12] Aurélien Francillon, Boris Danev, Srdjan Capkun, “Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars”, at 18th Annual Network And Distributed System Security Symposium, 2011, ETH Zurich.

[13] J. Vijayan, “Update: Android gaming app hides Trojan, security vendors warn”, at Computerworld, Online: http://www.computerworld.com/s/article/9180844/Update Android gaming app hides Trojan securityvendors warn, 2010.

[14] J. Markoff, “Cars’ Computer Systems Called at Risk to Hackers”, Online: http://www.nytimes.com/2010/05/14/science/14hack.html, 2010.
