Abstract
The convergence of information technology and vehicular technologies are a growing paradigm, allowing information to be sent by and to vehicles. This information can further be processed by the Electronic Control Unit (ECU) and the Controller Area Network (CAN) for in-vehicle communications or through a mobile phone or server for out-vehicle communication. Information sent by or to the vehicle can be life-critical (e.g. breaking, acceleration, cruise control, emergency communication, etc. . . ). As vehicular technology advances, in-vehicle networks are connected to external networks through 3 and 4G mobile networks, enabling manufacturer and customer monitoring of different aspects of the car. While these services provide valuable information, they also increase the attack surface of the vehicle, and can enable long and short range attacks. In this manuscript, we evaluate the security of the 2017 Skoda Octavia vRS 4x4. Both physical and remote attacks are considered, the key fob rolling code is successfully compromised, privacy attacks are demonstrated through the infotainment system, the Volkswagen Transport Protocol 2.0 is reverse engineered. Additionally, in-car attacks are highlighted and described, providing an overlook of potentially deadly threats by modifying ECU parameters and components enabling digital forensics investigation are identified.
Highlights
The average family car produced between the 1960’s - 1980’s had limited electronics and technological systems installed
This manuscript, a methodology for testing the cyber-security of vehicular technologies is presented alongside components able to yield data in a digital forensic investigation based on our cyber-security findings
There has been little documented research on the cyber-security aspects of vehicular technologies currently on the road. In this manuscript vehicular security testing methodology was presented, enabling cyber-security researchers to identify key components of vehicles. This methodology was subsequently used to evaluate the cyber-security of a Skoda Octavia vRS
Summary
The average family car produced between the 1960’s - 1980’s had limited electronics and technological systems installed. The additions to the ECU, remote central locking, CAN bus network and electronic safety systems became standard [1], the speed of technological advancement through mobile applications and increased communication services, to and from car companies, has resulted in an increased attack surface and security vulnerabilities. This is due to the lack of security consideration for vehicular technologies and associated connected systems [2].
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
