Fast and Vulnerable: A Story of Telematic Failures

Presented at ToorCon San Diego 17 (2015), Oct. 25, 2015, 1 p.m. (20 minutes)

Modern automobiles are complex distributed systems in which virtually all functionality-from acceleration and braking to lighting and HVAC - is mediated by computerized controllers. The interconnected nature of these systems raises obvious security concerns and prior work has demonstrated that a vulnerability in any single component may provide the means to compromise the system as a whole. Thus, the addition of new components, and especially new components with external networking capability, creates risks that must be carefully considered. In this paper we examine a popular aftermarket telematics control unit (TCU) which connects to a vehicle via the standard OBD-II port. We show that these devices can be discovered, targeted, and compromised by a remote attacker and we demonstrate that such a compromise allows arbitrary remote control of the vehicle. This problem is particularly challenging because, since this is aftermarket equipment, it cannot be well addressed by automobile manufacturers themselves.


  • Ian Foster / lanrat as Ian Foster
    Ian recently completed his a Masters in Computer Science at the University of California, San Diego. He works on identifying problems with the way devices and people communicate online in an effort to fix them. Ian has also been helping with ToorCon since 2010.

Similar Presentations: