TY - GEN
T1 - Security and privacy vulnerabilities of in-car wireless networks
T2 - 19th USENIX Security Symposium
AU - Rouf, Ishtiaq
AU - Miller, Rob
AU - Mustafa, Hossen
AU - Taylor, Travis
AU - Oh, Sangho
AU - Xu, Wenyuan
AU - Gruteser, Marco
AU - Trappe, Wade
AU - Seskar, Ivan
PY - 2010/1/1
Y1 - 2010/1/1
N2 - Wireless networks are being integrated into the modern automobile. The security and privacy implications of such in-car networks, however, have are not well understood as their transmissions propagate beyond the confines of a car’s body. To understand the risks associated with these wireless systems, this paper presents a privacy and security evaluation of wireless Tire Pressure Monitoring Systems using both laboratory experiments with isolated tire pressure sensor modules and experiments with a complete vehicle system. We show that eavesdropping is easily possible at a distance of roughly 40m from a passing vehicle. Further, reverse-engineering of the underlying protocols revealed static 32 bit identifiers and that messages can be easily triggered remotely, which raises privacy concerns as vehicles can be tracked through these identifiers. Further, current protocols do not employ authentication and vehicle implementations do not perform basic input validation, thereby allowing for remote spoofing of sensor messages. We validated this experimentally by triggering tire pressure warning messages in a moving vehicle from a customized software radio attack platform located in a nearby vehicle. Finally, the paper concludes with a set of recommendations for improving the privacy and security of tire pressure monitoring systems and other forthcoming in-car wireless sensor networks.
AB - Wireless networks are being integrated into the modern automobile. The security and privacy implications of such in-car networks, however, have are not well understood as their transmissions propagate beyond the confines of a car’s body. To understand the risks associated with these wireless systems, this paper presents a privacy and security evaluation of wireless Tire Pressure Monitoring Systems using both laboratory experiments with isolated tire pressure sensor modules and experiments with a complete vehicle system. We show that eavesdropping is easily possible at a distance of roughly 40m from a passing vehicle. Further, reverse-engineering of the underlying protocols revealed static 32 bit identifiers and that messages can be easily triggered remotely, which raises privacy concerns as vehicles can be tracked through these identifiers. Further, current protocols do not employ authentication and vehicle implementations do not perform basic input validation, thereby allowing for remote spoofing of sensor messages. We validated this experimentally by triggering tire pressure warning messages in a moving vehicle from a customized software radio attack platform located in a nearby vehicle. Finally, the paper concludes with a set of recommendations for improving the privacy and security of tire pressure monitoring systems and other forthcoming in-car wireless sensor networks.
UR - http://www.scopus.com/inward/record.url?scp=85040565418&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85040565418&partnerID=8YFLogxK
M3 - Conference contribution
T3 - Proceedings of the 19th USENIX Security Symposium
SP - 323
EP - 338
BT - Proceedings of the 19th USENIX Security Symposium
PB - USENIX Association
Y2 - 11 August 2010 through 13 August 2010
ER -