Adventures in Automotive Networks and Control Units (ECUs)

Previous research has shown that it is possible for an attacker to get remote code execution on the electronic control units (ECU) in automotive vehicles via various interfaces such as the Bluetooth interface and the telematics unit. This paper aims to expand on the ideas of what such an attacker could do to influence the behavior of the vehicle after that type of attack. In particular, we demonstrate how on two different vehicles that in some circumstances we are able to control the steering, braking, acceleration and display. We also propose a mechanism to detect these kinds of attacks. In this paper we release all technical information needed to reproduce and understand the issues involved including source code and a description of necessary hardware.