Security issues in controller area networks in automobiles with the implementation of fuzzing

Abstract

This scope of this research is identifying vulnerabilities in the auto motive’s network, focusing mainly on those implemented with the CAN protocol, by using the fuzzing technique. Security of automotive has recently began to take notice after numerous new features that were implemented in modern vehicles. Such features like auto parking use the same network of the other components of the vehicle. Therefore, CAN vulnerabilities that have been neglected for the past couple of years have now become security issues. This research aims to identify these CAN vulnerabilities automatically by using the fuzzing technique. This was tackled by implementing an intelligent fuzzer that sniffs a live automotive network, and from that information an analysed version of those messages is formed. This version contains all the changes of values in all byte of the SCAN packet. Then the intelligent fuzzer uses this analysed version to know exactly what bytes to attack to have a successful attack. The intelligent fuzzer is divided into two modes, manual fuzzing that randomly fuzzes the bytes that are changing and an automatic fuzzer that considers the values that are being changed in that byte and fuzzes that byte only on that values rather than the whole combinations. This intelligent fuzzer concluded that CAN vulnerabilities are found by the intelligent fuzzer. Multiple CAN IDs’ data bytes were analysed and later fuzzed both manually and automatically. From these observations it was concluded that the manual fuzzing is suitable for some CAN IDs and the automatic fuzzing is more adapted to fuzzing more critical components.