Search Results

Maintaining and diagnosing vehicle systems often involves a technician connecting a service computer to the vehicle diagnostic port through a vehicle diagnostics adapter (VDA). This creates a connection from the service software to the vehicle network through a protocol adapter. Often, the protocols for the personal computer (PC) hosted diagnostic programs use USB, and the diagnostic port provides access to the controller area network (CAN). However, the PC can also communicate to the VDA via WiFi or Bluetooth. There may be scenarios where these wireless interfaces are not appropriate, such as maintaining military vehicles. As such, a method to defeature the wireless capabilities of a typical vehicle diagnostic adapter is demonstrated without access to the source code or modifying the hardware. The process of understanding the vehicle diagnostic adapter system, its hardware components, the firmware for the main processor and subsystems, and the update mechanism is explored.

Crashes involving Cummins powered heavy vehicles can damage the electronic control module (ECM) containing heavy vehicle event data recorder (HVEDR) records. When ECMs are broken and data cannot be extracted using vehicle diagnostics tools, more invasive and low-level techniques are needed to forensically preserve and decode HVEDR data. A technique for extracting non-volatile memory contents using non-destructive board level techniques through the available in-circuit debugging port is presented. Additional chip level data extraction techniques can also provide access to the HVEDR data. Once the data is obtained and preserved in a forensically sound manner, the binary record is decoded to reveal typical HVDER data like engine speed, vehicle speed, accelerator pedal position, and other status data. The memory contents from the ECM can be written to a surrogate and decoded with traditional maintenance and diagnostic software.

The lack of inherent security controls makes traditional Controller Area Network (CAN) buses vulnerable to Machine-In-The-Middle (MitM) cybersecurity attacks. Conventional vehicular MitM attacks involve tampering with the hardware to directly manipulate CAN bus traffic. We show, however, that MitM attacks can be realized without direct tampering of any CAN hardware. Our demonstration leverages how diagnostic applications based on RP1210 are vulnerable to Machine-In-The-Middle attacks. Test results show SAE J1939 communications, including single frame and multi-framed broadcast and on-request messages, are susceptible to data manipulation attacks where a shim DLL is used as a Machine-In-The-Middle. The demonstration shows these attacks can manipulate data that may mislead vehicle operators into taking the wrong actions.