Security Threats to Automotive CAN Networks – Practical Examples and Selected Short-Term Countermeasures

  • Tobias Hoppe
  • Stefan Kiltz
  • Jana Dittmann
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5219)


The IT security of automotive systems is an evolving area of research. To analyse the current situation we performed several practical tests on recent automotive technology, focusing on automotive systems based on CAN bus technology. With respect to the results of these tests, in this paper we discuss selected countermeasures to address the basic weaknesses exploited in our tests and also give a short outlook to requirements, potential and restrictions of future, holistic approaches.


Automotive IT-Security Safety Practical tests Exemplary threats and countermeasures 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Kaspersky, E.: Viruses coming aboard?, Weblog January 24, 2005 (June 2008),
  2. 2.
    Barisani,A., Daniele, B.: Unusual Car Navigation Tricks: Injecting RDS-TMC Traffic Information Signals. In: Can Sec West, Vancouver (2007)Google Scholar
  3. 3.
    Car-2-Car Communication Consortium (June 2008),
  4. 4.
    Lang, A., Dittmann, J., Kiltz, S., Hoppe, T.: Future Perspectives: The Car and its IP-Address - A Potential Safety and Security Risk Assessment. In: Saglietti, F., Oster, N. (eds.) SAFECOMP 2007. LNCS, vol. 4680. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  5. 5.
    BOSCH CAN, Website (June 2008),
  6. 6.
    Wolf, M., Weimerskirch, A., Wollinger, T.: State of the Art: Embedding Security in Vehicles. EURASIP Journal on Embedded Systems 2007, 16 (2007); Article ID 74706, 16 pages, 2007. doi:10.1155/2007/74706CrossRefGoogle Scholar
  7. 7.
    Press release of Ruhr-Universität Bochum: Remote keyless entry system for cars and buildings is hacked, may 31st, Link (2008),
  8. 8.
    HIS: Herstellerinitiative Software (June 2008),
  9. 9.
    Vector Informatik (June 2008),
  10. 10.
    Hoppe, T., Dittmann, J.: Sniffing/Replay Attacks on CAN Buses: A Simulated Attack on the Electric Window Lift Classified using an Adapted CERT Taxonomy. In: 2nd Workshop on Embedded Systems Security (WESS 2007), A Workshop of the IEEE/ACM EMSOFT 2007 and the Embedded Systems Week, October 4 (2007)Google Scholar
  11. 11.
    Hoppe, T., Kiltz, S., Lang, A., Dittmann, J.: Exemplary Automotive Attack Scenarios: Trojan horses for Electronic Throttle Control System (ETC) and replay attacks on the power window system. In: Automotive Security - VDI-Berichte 2016, 23. VDI/VW Gemeinschaftstagung Automotive Security, Wolfsburg, Germany, 27-28 November 2007, pp. 165–183. VDI-Verlag (2007) ISBN 978-3-18-092016-0Google Scholar
  12. 12.
    Hoppe, T., Dittmann, J.: Vortäuschen von Komponentenfunktionalität im Automobil: Safety- und Komfort-Implikationen durch Security-Verletzungen am Beispiel des Airbags. In: Sicherheit 2008; Sicherheit - Schutz und Zuverlässigkeit, Saarbrücken, Germany, April 2008, pp. 341–353 (2008) ISBN 978-3-88579-222-2Google Scholar
  13. 13.
    FlexRay - The communication system for advanced automotive control applications (June 2008),
  14. 14.
    Stakhanova, N., Basu, S., Wong, J.: A Taxonomy of Intrusion Response Systems. nternational Journal of Information and Computer Security 1(1), 169–184 (2007)CrossRefGoogle Scholar
  15. 15.
    Hoppe, T., Kiltz, S., Dittmann, J.: IDS als zukünftige Ergänzung automotiver IT-Sicherheit. In: DACH Security 2008, June 24-25, 2008, Technische Universität Berlin (to appear, 2008)Google Scholar
  16. 16.
    Website Kienzle-Automotive, product page of the Unfalldatenspeicher UDS system (June 2008),
  17. 17.
    Jan Pelzl: Secure Hardware in Automotive Applications. In: 5th escar conference – Embedded Security in Cars, November 6./7, Munich, Germany (2007)Google Scholar
  18. 18.
    Trusted Computing Group (June 2008),
  19. 19.
    Bogdanov, A., Eisenbarth, T., Wolf, M., Wollinger, T.: Trusted Computing for Automotive Systems; In: Automotive Security - VDI-Berichte 2016, 23. VDI/VW Gemeinschaftstagung Automotive Security, Wolfsburg, Germany, 27-28 November 2007. VDI-Verlag, pp. 227-237, (2007) ISBN 978-3-18-092016-0Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Tobias Hoppe
    • 1
  • Stefan Kiltz
    • 1
  • Jana Dittmann
    • 1
  1. 1.ITI Research Group on Multimedia and SecurityOtto-von-Guericke University of MagdeburgMagdeburgGermany

Personalised recommendations