Haohuang Wen (The Ohio State University), Qingchuan Zhao (The Ohio State University), Qi Alfred Chen (University of California, Irvine), Zhiqiang Lin (The Ohio State University)

In modern automobiles, CAN bus commands are necessary for a wide range of functionalities such as diagnosis, security monitoring, and recently autonomous driving. However, their specifications are developed privately by car manufacturers, and today the most effective way of revealing the proprietary CAN bus commands is to reverse engineer (e.g., dynamic test) with real cars, which is time consuming, costly, and error-prone. In this paper, we propose a cost-effective (no real car needed) and automatic (no human intervention required) approach for reverse engineering CAN bus commands using just car companion mobile apps. To achieve high effectiveness, we design a new technique to uncover the syntactics of CAN bus commands with backward slicing and dynamic forced execution, and a novel program-based algorithm to uncover the semantics of CAN bus commands by leveraging code-level semantics clues. We have implemented a prototype for both Android and iOS platforms, and tested it with all free car companion apps (253 in total) from both Google Play and Apple App Store. Among these apps, CANHUNTER discovered 182,619 syntactically unique CAN bus commands with 86% of them revealed with semantics, covering 360 car models from 21 car manufactures. We have also evaluated their correctness (both syntactics and semantics) using public resources, cross-platform and cross-app validation, and also real-car testing, in which 70% of all the uncovered commands are validated. We observe no inconsistency in cross-platform and cross-app validation, and only discover 3 false positives (among the 241 manually validated CAN bus commands) in semantics recovery from public resources and real-car testing.

View More Papers

Hold the Door! Fingerprinting Your Car Key to Prevent...

Kyungho Joo (Korea University), Wonsuk Choi (Korea University), Dong Hoon Lee (Korea University)

Read More

IMP4GT: IMPersonation Attacks in 4G NeTworks

David Rupprecht (Ruhr University Bochum), Katharina Kohls (Ruhr University Bochum), Thorsten Holz (Ruhr University Bochum), Christina Poepper (NYU Abu Dhabi)

Read More

CloudLeak: Large-Scale Deep Learning Models Stealing Through Adversarial Examples

Honggang Yu (University of Florida), Kaichen Yang (University of Florida), Teng Zhang (University of Central Florida), Yun-Yun Tsai (National Tsing Hua University), Tsung-Yi Ho (National Tsing Hua University), Yier Jin (University of Florida)

Read More

MassBrowser: Unblocking the Censored Web for the Masses, by...

Milad Nasr (University of Massachusetts Amherst), Hadi Zolfaghari (University of Massachusetts Amherst), Amir Houmansadr (University of Massachusetts Amherst), Amirhossein Ghafari (University of Massachusetts Amherst)

Read More