Search Results

Passenger cars are equipped with an OBD connector according to SAE J1962 / ISO 15031-3. Passenger cars that support ISO UDS on DoIP use the same connector with Ethernet pins according to ISO/DIS 13400-4 (Ethernet diagnostic connector). If external test equipment is connected to the Ethernet diagnostic connector via a 100BASE-TX cable with the RJ45 connector at the tester, a VCI is not necessary anymore. With a device that fits the Ethernet diagnostic connector physically and acts as a converter between the Ethernet signals and WLAN, external test equipment that supports wireless communication, can be connected to the vehicle. Examples for such wireless external test equipment include Android/iOS- based smart phones and tablets with purpose-made applications (APPs). The software components of external test equipment are standardized in ISO 22900 (MVCI). The MVCI D-Server processes data in ODX (ISO 22901) and sequences in OTX (ISO 13209).

Remote diagnostic systems support diagnostic communication by having the capability of sending diagnostic request services to a vehicle and receiving diagnostic response services from a vehicle. These diagnostic services are specified in diagnostic protocols, such as SAE J1979, SAE J1939 or ISO 14229 (UDS). For the purpose of diagnostic communication, the tester needs access to the electronic control units as communication partners. Physically, the diagnostic tester gets access to the entire vehicle´s E/E system, which consists of connectors, wiring, the in-vehicle network (e.g. CAN), the electronic control units, sensors, and actuators. Any connection of external test equipment and the E/E system of a vehicle poses a security vulnerability. The combination can be used for malicious intrusion and manipulation.

Remote diagnostic systems support diagnostic communication by having the capability of sending diagnostic request services to a vehicle and receiving diagnostic response services from a vehicle. These diagnostic services are specified in diagnostic protocols, such as SAE J1979, SAE J1939 or ISO 14229 (UDS). For the purpose of diagnostic communication, the tester needs access to the electronic control units as communication partners. Physically, the diagnostic tester gets access to the entire vehicle´s E/E system, which consists of connectors, wiring, the in-vehicle network (e.g. CAN), the electronic control units, sensors, and actuators. Any connection of external test equipment and the E/E system of a vehicle poses a security vulnerability. The combination can be used for malicious intrusion and manipulation.

This paper will provide an Overview of Automotive Cyber Security Standards related to the Vehicle OBD-II Data Link. The OBD-II Connector Attack Tree is described with respect to the SAE J3138 requirements for Intrusive vs. non-Intrusive Services. A proposed test method for SAE J3138 is described including hardware and software scripting. Finally, example test results are reviewed and compared with a potential threat boundary.