HackCar – Attack AND Defense Playground For Automotive System

Modern cars have microcontrollers that use the Controller Area Network (CAN) to perform safety and luxury functions. 

However, vehicle hijacking can occur through message injection attacks because the CAN network lacks the security of drive-by-wire systems such as speed control, consequently posing a risk to life. 

Despite the efforts of researchers to propose solutions like intrusion detection, encryption, and authentication to enhance CAN’s security features, many previous works have not taken into account practical constraints in auto-making.

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers

The following cybersecurity analysts present HackCar, a cost-effective and fully configurable test platform for evaluating attacks and defenses on automotive architectures:-

  • Dario Stabili
  • Filip Valgimigli
  • Edoardo Torrini
  • Mirco Marchetti

However, there are difficulties for several investigators who want to access actual automobile platforms when analyzing security risks in existing car systems due to investment barriers.

HackCar : Attack AND Defense Playground

HackCar is built on a stripped F1-10th model, HackCar replicates in-vehicle networks and allows implementing real-world scenarios like compromising an autonomous forward-collision avoidance system. 

By open-sourcing HackCar’s specifications, designs, and prototype boards, it enable researchers to replicate and expand on this secure, safe, and budget-friendly platform for comprehensively testing vehicle system security without prohibitive investments. 

Researchers’ main contribution is facilitating crucial automotive cybersecurity research previously restricted by access limitations.

HackCar comprises the following main components:-

  • The sensing system for obstacle detection (LiDAR or stereo cameras)
  • Multiple on-board controllers for sensor data analysis (Sensing System Controller)
  • Actuator management (Main Controller Unit)
  • Attack replication (Attack Controller)
  • Anomaly detection (Detection Controller)
  • An in-vehicle CAN network facilitating communication among controllers using standardized data frames

This architecture replicates a real vehicle’s operational scenarios like autonomous and manual emergency braking while enabling security evaluation through attack implementation and defensive monitoring across the integrated sensing, computational, and network layers.

Overview of the HackCar test platform(Source – Arxiv)

The threat model considers an attacker with in-vehicle network access able to inject malicious CAN messages but not compromise existing ECUs. 

Researchers experimentally evaluate an attack subverting the autonomous emergency braking system by having the Attack Controller intercept and overwrite RPM messages, preventing the platform from stopping. 

Validation involves analyzing CAN bus utilization compared to a reference vehicle, focusing on frequent drive-by-wire related messages, and scrutinizing attack consequences observed in CAN communication. 

Results confirm that HackCar replicates realistic attack behaviors impacting the autonomous driving functionality.

Researchers presented HackCar, a configurable test platform for prototyping attacks and defenses on automotive systems. 

Implemented using an F1-10th model with multiple automotive-grade microcontrollers, HackCar replicates sensing systems for ADAS features, a main controller for autonomous driving, an attacker component for injecting malicious messages on the in-vehicle network, and a detection system to evaluate defensive solutions. 

Validation tests confirm HackCar accurately models realistic vehicle behavior while enabling security research by demonstrating attack consequences in a controlled, cost-effective environment without requiring full vehicle access. 

HackCar facilitates crucial automotive cybersecurity studies that were previously challenging due to platform limitations.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide

Tushar Subhra

Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Recent Posts

Lumma Stealer Attacking Users To Steal Login Credentials From Browsers

Researchers observed Lumma Stealer activity across multiple online samples, including PowerShell scripts and a disguised…

1 day ago

New ‘OtterCookie’ Malware Attacking Software Developers Via Fake Job Offers

Palo Alto Networks reported the Contagious Interview campaign in November 2023, a financially motivated attack…

1 day ago

NjRat 2.3D Pro Edition Shared on GitHub: A Growing Cybersecurity Concern

The recent discovery of the NjRat 2.3D Professional Edition on GitHub has raised alarms in…

1 day ago

Palo Alto Networks Vulnerability Puts Firewalls at Risk of DoS Attacks

A critical vulnerability, CVE-2024-3393, has been identified in the DNS Security feature of Palo Alto…

1 day ago

Araneida Scanner – Hackers Using Cracked Version Of Acunetix Vulnerability Scanner

Threat Analysts have reported alarming findings about the "Araneida Scanner," a malicious tool allegedly based…

2 days ago

A Dark Web Operation Acquiring KYC Details TO Bypass Identity Verification Systems

A major dark web operation dedicated to circumventing KYC (Know Your Customer) procedures, which involves…

2 days ago