Search Results

In the ever-evolving landscape of automotive technology, the need for robust security measures and dependable vehicle performance has become paramount with connected vehicles and autonomous driving. The Unified Diagnostic Services (UDS) protocol is the diagnostic communication layer between various vehicle components which serves as a critical interface for vehicle servicing and for software updates. Fuzz testing is a dynamic software testing technique that involves the barrage of unexpected and invalid inputs to uncover vulnerabilities and erratic behavior. This paper presents the implementation of fuzz testing methodologies on the UDS layer, revealing the potential vulnerabilities that could be exploited by malicious entities. By employing both open-source and commercial fuzzing tools and techniques, this paper simulates real-world scenarios to assess the UDS layer’s resilience against anomalous data inputs.

Robust communications are crucial for autonomous military fleets. Ground vehicles function as mobile local area networks utilizing Controller Area Network (CAN) backbones. Fleet coordination between autonomous platforms relies on the Robot Operating System (ROS) publish/subscribe robotic middleware for effective operation. To bridge communications between the CAN and ROS network segments, the CAN2ROS bridge software supports bidirectional data flow with message mapping and node translation. Fuzzing, a software testing technique, involves injecting randomized data inputs into the target system. This method plays a pivotal role in identifying vulnerabilities. It has proven effective in discovering vulnerabilities in online systems, such as the integrated CAN/ROS system. In our study, we consider ROS implementing zero-trust access control policies, running on a Gazebo test-bed connected to a CAN bus.

Android Automotive OS (AAOS) has been gaining popularity in recent years, with several OEMs across the world already deploying it or planning to in the near future. Besides the benefit of a well-known, customizable and secure operating system for OEMs, AAOS allows third-party app developers to offer their apps on vehicles of several manufacturers at the same time. Currently, there are 55 apps for AAOS that can be categorized as media, navigation or point-of-interest apps. Specifically the latter two categories allow the third-parties to collect certain sensor data directly from the vehicle. Furthermore, the latest version of AAOS also allows the OEM to configure and collect In-Vehicle Infotainment (IVI) and vehicle data (called OEM telemetry). However, increasing connectivity and integration with the in-vehicle network comes at the expense of user privacy. Previous works have shown that vehicular sensor data often contains personally identifiable information (PII).