A Vulnerability in Modern Automotive Standards and How We Exploited It


This research is a joint effort between Politecnico di Milano, Linklayer Labs, and Trend Micro’s FTR. In this report, we describe a vulnerability in modern cars’ networks that allows a completely stealthy denial-of-service attack that is undetectable by current security mechanisms and works for every automotive vendor. This attack differs drastically from previously reported car hacks because it does not exploit easily patchable software vulnerabilities. Rather, it exploits a design flaw in the standard that defines how in-vehicle networks work, which makes it fundamentally hard to solve. This attack was presented at the 2017 international conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA) in Bonn (Jul 6–7). Prior to that, we coordinated with the ICS-CERT, which promptly disseminated an alert (ICS-ALERT-17-209-01).

