Abstract

Modern automobiles are complex distributed systems in which virtually all functionality — from acceleration and braking to lighting and HVAC — is mediated by com-puterized controllers. The interconnected nature of these systems raises obvious security concerns and prior work has demonstrated that a vulnerability in any single com-ponent may provide the means to compromise the system as a whole. Thus, the addition of new components, and especially new components with external networking ca-pability, creates risks that must be carefully considered. In this paper we examine a popular aftermarket telem-atics control unit (TCU) which connects to a vehicle via the standard OBD-II port. We show that these devices can be discovered, targeted, and compromised by a re-mote attacker and we demonstrate that such a compro-mise allows arbitrary remote control of the vehicle. This problem is particularly challenging because, since this is aftermarket equipment, it cannot be well addressed by automobile manufacturers themselves. 1