skip to main content

Title: Plug-N-Pwned: Comprehensive Vulnerability Analysis of OBD-II Dongles as A New Over-the-Air Attack Surface in Automotive IoT
With the growing trend of the Internet of Things, a large number of wireless OBD-II dongles are developed, which can be simply plugged into vehicles to enable remote functions such as sophisticated vehicle control and status monitoring. However, since these dongles are directly connected with in-vehicle networks, they may open a new over-the-air attack surface for vehicles. In this paper, we conduct the first comprehensive security analysis on all wireless OBD-II dongles available on Amazon in the US in February 2019, which were 77 in total. To systematically perform the analysis, we design and implement an automated tool DONGLESCOPE that dynamically tests these dongles from all possible attack stages on a real automobile. With DONGLESCOPE, we have identified 5 different types of vulnerabilities, with 4 being newly discovered. Our results reveal that each of the 77 dongles exposes at least two types of these vulnerabilities, which indicates a widespread vulnerability exposure among wireless OBD-II dongles on the market today. To demonstrate the severity, we further construct 4 classes of concrete attacks with a variety of practical implications such as privacy leakage, property theft, and even safety threat. We also discuss the root causes and feasible countermeasures, and have made corresponding more » responsible disclosure. « less
Authors:
; ;
Award ID(s):
1850533
Publication Date:
NSF-PAR ID:
10281625
Journal Name:
USENIX Security Symposium
Sponsoring Org:
National Science Foundation
More Like this
  1. With the development of the emerging Connected Vehicle (CV) technology, vehicles can wirelessly communicate with traffic infrastructure and other vehicles to exchange safety and mobility information in real time. However, the integrated communication capability inevitably increases the attack surface of vehicles, which can be exploited to cause safety hazard on the road. Thus, it is highly desirable to systematically understand design-level flaws in the current CV network stack as well as in CV applications, and the corresponding security/safety consequences so that these flaws can be proactively discovered and addressed before large-scale deployment. In this paper, we design CVAnalyzer, a system for discovering design-level flaws for availability violations of the CV network stack, as well as quantifying the corresponding security/safety consequences. To achieve this, CVAnalyzer combines the attack discovery capability of a general model checker and the quantitative threat assessment capability of a probabilistic model checker. Using CVAnalyzer, we successfully uncovered 4 new DoS (Denial-of-Service) vulnerabilities of the latest CV network protocols and 14 new DoS vulnerabilities of two CV platoon management protocols. Our quantification results show that these attacks can have as high as 99% success rates, and in the worst case can at least double the delay in packetmore »processing, violating the latency requirement in CV communication.We implemented and validated all attacks in a real-world testbed, and also analyzed the fundamental causes to propose potential solutions. We have reported our findings in the CV network protocols to the IEEE 1609 Working Group, and the group has acknowledged the discovered vulnerabilities and plans to adopt our solutions.« less
  2. Abstract
    Excessive phosphorus (P) applications to croplands can contribute to eutrophication of surface waters through surface runoff and subsurface (leaching) losses. We analyzed leaching losses of total dissolved P (TDP) from no-till corn, hybrid poplar (Populus nigra X P. maximowiczii), switchgrass (Panicum virgatum), miscanthus (Miscanthus giganteus), native grasses, and restored prairie, all planted in 2008 on former cropland in Michigan, USA. All crops except corn (13 kg P ha−1 year−1) were grown without P fertilization. Biomass was harvested at the end of each growing season except for poplar. Soil water at 1.2 m depth was sampled weekly to biweekly for TDP determination during March–November 2009–2016 using tension lysimeters. Soil test P (0–25 cm depth) was measured every autumn. Soil water TDP concentrations were usually below levels where eutrophication of surface waters is frequently observed (> 0.02 mg L−1) but often higher than in deep groundwater or nearby streams and lakes. Rates of P leaching, estimated from measured concentrations and modeled drainage, did not differ statistically among cropping systems across years; 7-year cropping system means ranged from 0.035 to 0.072 kg P ha−1 year−1 with large interannual variation. Leached P was positively related to STP, which decreased over the 7 years in all systems. These results indicate that both P-fertilized and unfertilized cropping systems mayMore>>
  3. Security is a huge challenge in vehicular networks due to the large size of the network, high mobility of nodes, and continuous change of network topology. These challenges are also applicable to the vehicular fog, which is a new computing paradigm in the context of vehicular networks. In vehicular fog computing, the vehicles serve as fog nodes. This is a promising model for latency-sensitive and location-aware services, which also incurs some unique security and privacy issues. However, there is a lack of a systematic approach to design security solutions of the vehicular fog using a comprehensive threat model. Threat modeling is a step-by-step process to analyze, identify, and prioritize all the potential threats and vulnerabilities of a system and solve them with known security solutions. A well-designed threat model can help to understand the security and privacy threats, vulnerabilities, requirements, and challenges along with the attacker model, the attack motives, and attacker capabilities. Threat model analysis in vehicular fog computing is critical because only brainstorming and threat models of other vehicular network paradigms will not provide a complete scenario of potential threats and vulnerabilities. In this paper, we have explored the threat model of vehicular fog computing and identified themore »threats and vulnerabilities using STRIDE and CIAA threat modeling processes. We posit that this initiative will help to improve the security and privacy system design of vehicular fog computing.« less
  4. Security is a huge challenge in vehicular networks due to the large size of the network, high mobility of nodes, and continuous change of network topology. These challenges are also applicable to the vehicular fog, which is a new computing paradigm in the context of vehicular networks. In vehicular fog computing, the vehicles serve as fog nodes. This is a promising model for latency-sensitive and location-aware services, which also incurs some unique security and privacy issues. However, there is a lack of a systematic approach to design security solutions of the vehicular fog using a comprehensive threat model. Threat modeling is a step-by-step process to analyze, identify, and prioritize all the potential threats and vulnerabilities of a system and solve them with known security solutions. A well-designed threat model can help to understand the security and privacy threats, vulnerabilities, requirements, and challenges along with the attacker model, the attack motives, and attacker capabilities. Threat model analysis in vehicular fog computing is critical because only brainstorming and threat models of other vehicular network paradigms will not provide a complete scenario of potential threats and vulnerabilities. In this paper, we have explored the threat model of vehicular fog computing and identified themore »threats and vulnerabilities using STRIDE and CIAA threat modeling processes. We posit that this initiative will help to improve the security and privacy system design of vehicular fog computing.« less
  5. null (Ed.)
    Data falsification attack in Vehicular Ad hoc Networks (VANET) for the Internet of Vehicles (IoV) is achieved by corrupting the data exchanged between nodes with false information. Data is the most valuable asset these days from which many analyses and results can be drawn out. But the privacy concern raised by users has become the greatest hindrance in performing data analysis. In IoV, misbehavior detection can be performed by creating a machine learning model from basic safety message (BSM) dataset of vehicles. We propose a privacy-preserving misbehavior detecting system for IoV using Federated Machine Learning. Vehicles in VANET for IoV are given the initial dull model to locally train using their own local data. On doing this we get a collective smart model that can classify Position Falsification attack in VANET using the data generated by each vehicle. All this is done without actually sharing the data with any third party to perform analysis. In this paper, we compare the performance of the attack detection model trained by using a federated and central approach. This training method trains the model on a different kind of position falsification attack by using local BSM data generated on each vehicle.