Search for: All records

The lack of inherent security controls makes traditional Controller Area Network (CAN) buses vulnerable to Machine-In-The-Middle (MitM) cybersecurity attacks. Conventional vehicular MitM attacks involve tampering with the hardware to directly manipulate CAN bus traffic. We show, however, that MitM attacks can be realized without direct tampering of any CAN hardware. Our demonstration leverages how diagnostic applications based on RP1210 are vulnerable to Machine-In-The-Middle attacks. Test results show SAE J1939 communications, including single frame and multi-framed broadcast and on-request messages, are susceptible to data manipulation attacks where a shim DLL is used as a Machine-In-The-Middle. The demonstration shows these attacks can manipulate data that may mislead vehicle operators into taking the wrong actions. A solution is proposed to mitigate these attacks by utilizing machine authentication codes or authenticated encryption with pre-shared keys between the communicating parties. Various tradeoffs, such as communication overhead encryption time and J1939 protocol compliance, are presented while implementing the mitigation strategy. One of our key findings is that the data flowing through RP1210-based diagnostic systems are vulnerable to MitM attacks launched from the host diagnostics computer. Security models should include controls to detect and mitigate these data flows. An example of a cryptographic security control to mitigate the risk of an MitM attack was implemented and demonstrated by using the SAE J1939 DM18 message. This approach, however, utilizes over twice the bandwidth as normal communications. Sensitive data should utilize such a security control. 

Digital contact tracing offers significant promise to help reduce the spread of SARS-CoV-2 and other viruses. Google and Apple joined together in 2020 to create the Google/Apple Exposure Notification (GAEN) framework to determine encounters with anonymous users later diagnosed COVID-19 positive. However, as GAEN lacks geospatial awareness, it is susceptible to geographically distributed replay attacks. Anonymous, low-cost, crowd-sourced replay attack networks deployed by malicious actors (or far away nation-state attackers) who utilize malicious (or innocent) users’ smartphones to capture and replay GAEN advertisements can drastically increase false-positive rates even in areas that otherwise exhibit low positivity rates. In response to this powerful replay attack, we introduce GAEN+ , a solution that enhances GAEN with geospatial awareness while maintaining user privacy, and demonstrate its ability to effectively prevent geographically distributed replay attacks.