Introduction#
Over the past year, we’ve developed a cutting-edge car hacking demonstrator primarily for internal training purposes. This platform emulates a real car – with authentic CAN communication – and offers a hands-on way to explore automotive vulnerabilities. Through various dashboards, including a speed gauge, attacker view, and defender view, we can simulate attacks and visually observe their consequences in real time.
Background & Context#
Why Automotive Cybersecurity Matters#
Automotive cybersecurity has become increasingly important as modern vehicles integrate more advanced IT and operational technology systems. With connected cars becoming the norm, vulnerabilities in communication protocols like the CAN bus have the potential to compromise vehicle safety and performance. Our demonstrator was built as an internal training tool to bridge the gap between theoretical knowledge and real-world application, allowing us to better understand these vulnerabilities in a controlled environment.
Overview of the Demonstrator#
Our demonstrator is an innovative training platform that replicates the behavior of a real car. It is built to simulate the intricate communication that occurs over the CAN bus, ensuring that the training experience closely mirrors real-world scenarios. The system includes multiple control units that perform individual tasks, much like those found in an actual vehicle. For example, the demonstrator can execute CAN injection attacks, such as speed manipulation, with these actions immediately reflected on the visual dashboards. In addition to the current dashboards which are controlled via an Xbox controller, we are planning to incorporate a 3D simulator alongside the driver dashboard in our upcoming version. This new feature will allow us to visualize attack scenarios in even greater detail and provide an even more immersive training experience. Moreover, we plan to integrate various hardware accessories, such as an OBD2 connector, that will allow us to connect real-life diagnostic devices to the demonstrator. This connector will enable us to simulate attacks even closer to reality, further enhancing the authenticity of our training experience.
Demonstrator#
Driver Dashboard#
Attacker Dashboard#
Defender Dashboard#
Architecture and Setup#
Although we will not delve into the specific hardware details, it is important to note that our demonstrator mirrors a real car’s architecture. It employs a modular design with distinct control units that manage functions like speed regulation and sensor feedback. The system leverages real CAN bus communication protocols to maintain authenticity, and the integrated dashboards provide clear, visual feedback during each phase of an attack. This realistic emulation helps our team understand how various vulnerabilities can be exploited and, in turn, how they might be mitigated in real vehicles.
Future Outlook and Recommendations#
As automotive technology continues to evolve, the sophistication of potential cyberattacks is also expected to increase. Our car hacking demonstrator will evolve alongside these emerging threats, ensuring that our training remains relevant and effective. We believe that practical, hands-on training is essential for preparing security teams to defend against these threats.
Conclusion#
Our car hacking demonstrator stands as a testament to the critical role of practical training in the realm of automotive cybersecurity. By emulating a real car’s control systems and leveraging authentic CAN communication, the platform provides a vivid, real-time insight into the mechanics of cyberattacks and the corresponding defensive strategies. We are confident that tools like this are essential for equipping security teams with the knowledge and skills needed to protect the vehicles of tomorrow.
