Monday, January 13, 2025
Homecyber securityHackCar - Attack AND Defense Playground For Automotive System

HackCar – Attack AND Defense Playground For Automotive System

Published on

Modern cars have microcontrollers that use the Controller Area Network (CAN) to perform safety and luxury functions. 

However, vehicle hijacking can occur through message injection attacks because the CAN network lacks the security of drive-by-wire systems such as speed control, consequently posing a risk to life. 

Despite the efforts of researchers to propose solutions like intrusion detection, encryption, and authentication to enhance CAN’s security features, many previous works have not taken into account practical constraints in auto-making.

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers

The following cybersecurity analysts present HackCar, a cost-effective and fully configurable test platform for evaluating attacks and defenses on automotive architectures:-

  • Dario Stabili
  • Filip Valgimigli
  • Edoardo Torrini
  • Mirco Marchetti

However, there are difficulties for several investigators who want to access actual automobile platforms when analyzing security risks in existing car systems due to investment barriers.

HackCar : Attack AND Defense Playground

HackCar is built on a stripped F1-10th model, HackCar replicates in-vehicle networks and allows implementing real-world scenarios like compromising an autonomous forward-collision avoidance system. 

By open-sourcing HackCar’s specifications, designs, and prototype boards, it enable researchers to replicate and expand on this secure, safe, and budget-friendly platform for comprehensively testing vehicle system security without prohibitive investments. 

Researchers’ main contribution is facilitating crucial automotive cybersecurity research previously restricted by access limitations.

HackCar comprises the following main components:-

  • The sensing system for obstacle detection (LiDAR or stereo cameras)
  • Multiple on-board controllers for sensor data analysis (Sensing System Controller)
  • Actuator management (Main Controller Unit)
  • Attack replication (Attack Controller)
  • Anomaly detection (Detection Controller)
  • An in-vehicle CAN network facilitating communication among controllers using standardized data frames

This architecture replicates a real vehicle’s operational scenarios like autonomous and manual emergency braking while enabling security evaluation through attack implementation and defensive monitoring across the integrated sensing, computational, and network layers.

Overview of the HackCar test platform(Source – Arxiv)

The threat model considers an attacker with in-vehicle network access able to inject malicious CAN messages but not compromise existing ECUs. 

Researchers experimentally evaluate an attack subverting the autonomous emergency braking system by having the Attack Controller intercept and overwrite RPM messages, preventing the platform from stopping. 

Validation involves analyzing CAN bus utilization compared to a reference vehicle, focusing on frequent drive-by-wire related messages, and scrutinizing attack consequences observed in CAN communication. 

Results confirm that HackCar replicates realistic attack behaviors impacting the autonomous driving functionality.

Researchers presented HackCar, a configurable test platform for prototyping attacks and defenses on automotive systems. 

Implemented using an F1-10th model with multiple automotive-grade microcontrollers, HackCar replicates sensing systems for ADAS features, a main controller for autonomous driving, an attacker component for injecting malicious messages on the in-vehicle network, and a detection system to evaluate defensive solutions. 

Validation tests confirm HackCar accurately models realistic vehicle behavior while enabling security research by demonstrating attack consequences in a controlled, cost-effective environment without requiring full vehicle access. 

HackCar facilitates crucial automotive cybersecurity studies that were previously challenging due to platform limitations.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Critical macOS Vulnerability Lets Hackers to Bypass Apple’s System Integrity Protection

Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that allowed attackers to bypass...

CISA Released A Free Guide to Enhance OT Product Security

To address rising cyber threats targeting critical infrastructure, the U.S. Cybersecurity and Infrastructure Security...

Microsoft Warns of MFA Issue Affecting Microsoft 365 users

Microsoft has issued a warning regarding an ongoing issue with Multi-Factor Authentication (MFA) that...

RedCurl APT Deploys Malware via Windows Scheduled Tasks Exploitation

Researchers identified RedCurl APT group activity in Canada in late 2024, where the attackers...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

PriveShield – Advanced Privacy Protection with Browser Profile Isolation

A browser extension named PRIVESHIELD automatically creates isolated profiles to group websites based on...

How Learning Experience Platforms Are Transforming Training

Within today's fast-changing global society, effective training is vital for personal and professional success....

Use Cases of WhatsApp Live Chat

Real-time communication is essential for both businesses and individuals. WhatsApp, with its vast global...