Emerging Tech

Blog archive
vehicle network (chombosan/Shutterstock.com)

Prototype plug-in alerts drivers to vehicle cyberattacks

Protecting increasingly computerized cars and other vehicles from cyberattacks is harder than you might think.  In fact, according to Bobby Bridges, a research mathematician at the Oak Ridge National Laboratory in Tennessee, even detecting an attack takes some demanding data analysis.

The problem, Bridges said, lies partly in the way that the signals -- which tell the car to switch on a turn signal, engage the brakes or accelerate, for example -- travel through a controller-area network bus.  “One problem,” he said, “is that every make and model year of car" maps and codes the messages differently.  

Another problem, Bridges said, is that the messages aren’t discrete, one-at-a-time messages.  That is, if you turn on the headlights, there isn’t a single message to that effect sent across the CAN bus.  Instead, status messages are repeatedly sent across the CAN bus with a regular frequency to the effect of, “Headlights on.”  

The bottom line, said Bridges, is that “for any car you have a ton of messages flowing by and you don't know what they are coded for.  From the cyber perspective it is hard to attack, but it is also hard to defend.”

“That,” he added, “is where data science comes in.”

After the ORNL team tapped into the CAN buses on several vehicles -- which are present on all automobiles manufactured after 1997 -- they knocked on Bridges’ door and asked him to see what he could make of it. 

The first step was building some sort of detector,  Bridges said.  “Can we detect if someone were to inject signals that shouldn’t be there?”

The team found that the signals controlling each device in the car are sent in such regular intervals that it was simple to detect if someone injected signals.  “Imagine you want to suppress my brake lights while I'm driving,” he said.  "Since the car is repeatedly sending the signal “brake lights on,” a hacker would have to match the pattern and repeatedly send the message “brake lights off.”

"It makes it very easy to see if somebody is injecting a signal," he explained, "because they are not going to hit the right frequency.”

The ORNL team didn’t just work with data -- it built a prototype aftermarket plug-in that could be used for intrusion detection.  “We got a little Nvidia JetPack -- a little board that has a CPU on it and is about four times the size of a Raspberry Pi,” Bridges said.

What’s more, according to Bridges, the device doesn’t need to know the CAN bus coding of a particular vehicle to work, because it relies on detecting changes in the frequency of specific coded signals.  It doesn’t, in short, need to know what those signals are intended to control.

The current version of the ONRL detection system does have some significant limitations.  First, while it is quite good at detecting intruding signals, it is not able to effectively block them.  Still, the operator would at least know it’s time to stop the car and have it checked.

The device also doesn’t address the potential issue of sophisticated hackers taking over the entire CAN bus and substituting all the data, including the vehicle's normal operating data.  While such a hack has been demonstrated in the lab, unless the goal is to completely disable the car, hackers would need to know the CAN bus coding for that particular vehicle's devices.

The ORNL team also faced another challenge in U.S. patent law. According to Bridges, the team’s patent lawyers found that others had already patented the general idea without having any idea of how to implement it. 

“Apparently, you can patent something that you have no idea how to physically pull off,” he sighed.  But if the lab adds a unique machine learning algorithm that can help the detection system make predictions, he said, "we can probably have something that is patentable.”

Posted by Patrick Marshall on Nov 16, 2017 at 12:36 PM


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.