Carson Green, Rik Chatterjee, Jeremy Daily (Colorado State University)
Modern automotive operations are governed by embedded computers that communicate over standardized protocols, forming the backbone of vehicular networking. In the domain of commercial vehicles, these systems predominantly rely on the high-level protocols running on top of the Controller Area Network (CAN) protocol for internal communication in medium and heavy-duty applications. Critical to this ecosystem is the Unified Diagnostics Services (UDS) protocol, outlined in ISO 14229 (Unified Diagnostic Services - UDS) and ISO 15765 (Diagnostic Communication over CAN), which provides essential diagnostic functionalities. This paper presents three distinct scenarios, demonstrating potential shortcomings of the UDS protocol standards and how they can be exploited to launch attacks on in-vehicle computers in commercial vehicles while bypassing security mechanisms.
In the initial two scenarios, we identify and demonstrate two vulnerabilities in the ISO 14229 protocol specifications. Subsequently, in the final scenario, we highlight and demonstrate a vulnerability specific to the ISO 15765 protocol specifications.
For demonstration purposes, bench-level test systems equipped with real Electronic Control Units (ECUs) connected to a CAN bus were utilized. Additional testing was conducted on a comprehensively equipped front cab assembly of a 2018 Freightliner Cascadia truck, configured as an advanced test bench. The test results reveal how attacks targeting specific protocols can compromise individual ECUs. Furthermore, in the Freightliner Cascadia truck setup, we found a network architecture typical of modern vehicles, where a gateway unit segregates internal ECUs from diagnostics. This gateway, while designed to block standard message injection and spoofing attacks, specifically allows all UDS-based diagnostic messages. This selective allowance inadvertently creates a vulnerability to UDS protocol attacks, underscoring a critical area for security enhancements in commercial vehicle networks. These findings are crucial for engineers and programmers responsible for implementing the diagnostic protocols in their communication subsystems, emphasizing the need for enhanced security measures.