Modern vehicles have many electronic control units (ECUs) connected to the Controller Area Network (CAN) bus, which have few security features in design and are vulnerable to cyber attacks. Researchers have proposed solutions like intrusion detection systems (IDS) to mitigate such threats. We presented a novel attack, CANCloak, which can deceive two ECUs with one CAN data frame, and therefore can bypass IDS detection or cause vehicle malfunction. In this attack, assuming a malicious transmitter is controlled by the adversary, one crafted CAN data frame can be transmitted to a target receiver, while other ECUs shall not receive that frame nor raise any error. We have setup a physical test environment and evaluated the effectiveness of this attack. Evaluation results showed that success rate of CANCloak reaches up to 99.7%, while the performance depends on the attack payload and sample point settings of victim receivers, independent from bus bit rate.
CANCloak: Deceiving Two ECUs with One Frame
Li Yue, Zheming Li, Tingting Yin, and Chao Zhang (Tsinghua University)
View More Papers
Demo #12: Too Afraid to Drive: Systematic Discovery of...
Ziwen Wan (UC Irvine), Junjie Shen (UC Irvine), Jalen Chuang (UC Irvine), Xin Xia (UCLA), Joshua Garcia (UC Irvine), Jiaqi...
Read MoreDemo #13: Attacking LiDAR Semantic Segmentation in Autonomous Driving
Yi Zhu (State University of New York at Buffalo), Chenglin Miao (University of Georgia), Foad Hajiaghajani (State University of New...
Read MoreDemo #14: In-Vehicle Communication Using Named Data Networking
Zachariah Threet (Tennessee Tech), Christos Papadopoulos (University of Memphis), Proyash Poddar (Florida International University), Alex Afanasyev (Florida International University), William...
Read MoreDenial-of-Service Attacks on C-V2X Networks
Natasa Trkulja, David Starobinski (Boston University), and Randall Berry (Northwestern University)
Read More