Demo: CANDY CREAM
The attack performed back to 2015 by Miller and Valasek to the Jeep Cherokee proved that modern vehicles can be hacked like traditional PCs or smart-phones. Vehicles are no longer purely mechanical devices but shelter so much digital technology that they resemble a network of computers. Electronic Control Units (ECUs), that regulate all the functionalities of a vehicles, are commonly interconnected through the Controller Area Network (CAN) communication protocol. CAN is not secure-by-design: authentication, integrity and confidentiality are not considered in the design and implementation of the protocol. This represents one of the main vulnerability of modern vehicle: getting the access (physical or remote) to CAN communication allows a possible malicious entity to inject unauthorised messages on the CAN bus. These messages may lead to unexpected and possible very dangerous behaviour of the target vehicle. Here, we describe how we implement and perform CANDY CREAM, an attack made of two parts: CANDY aiming at exploiting a misconfiguration exposed by an infotainment system based on Android operating system connected to the vehicle’s CAN bus network, and CREAM, a post-exploitation script that injects customized CAN frame to alter the behaviour of the vehicle.
KeywordsAutomotive Cyber-security attack Infotainment system Android Remote exploit
This work has been partially supported by the GAUSS national research project (MIUR, PRIN 2015, Contract 2015KWREMX) and by H2020 EU-funded projects C3ISP (GA n700294).
- 1.Costantino, G., Matteucci, I.: CANDY CREAM - haCking infotAiNment anDroid sYstems to Command instRument clustEr via cAn data fraMe. In: Proceedings of the 17th IEEE International Conference on Embedded and Ubiquitous Computing, IEEE EUC 2019 (2019, in press)Google Scholar
- 2.Dieterle, D.W.: Basic Security Testing with Kali Linux 2. Copyright 2016 by Daniel W. Dieterle (2016)Google Scholar
- 3.NMap. https://nmap.org. Accessed 5 Mar 2019
- 4.OpenVas. http://www.openvas.org. Accessed 5 Mar 2019
- 5.adb. https://developer.android.com/studio/command-line/adb. Accessed 5 Mar 2019
- 6.Beaumont. https://tinyurl.com/yd7mvp2f. Accessed 5 Mar 2019
- 7.USBtin. https://www.fischl.de/usbtin/. Accessed 30 April 2019