In a paper they plan to present at the Usenix security conference next month, University of Michigan researchers Kyong-Tak Cho and Kang Shin describe an easy-to-assemble tool they call the Clock-based Intrusion Detection System, or CIDS. It’s designed to spot the malicious messages car hackers use to take control of vehicle components like brakes and transmission. The CIDS prototype uses a new technique to spot attack messages: It records the communications on a car’s internal network known as a CAN bus and\u2014in just seconds\u2014creates “fingerprints” for every digital component of a vehicle, the so-called Electronic Control Units or ECUs that allow everything from brakes to windshield wipers to communicate.<\/p>\n
To perform that fingerprinting, they use a weird characteristic of all computers: tiny timing errors known as “clock skew.” Taking advantage of the fact that those errors are different in every computer\u2014including every computer inside a car\u2014the researchers were able to assign a fingerprint to each ECU based on its specific clock skew. The CIDS’ device then uses those fingerprints to differentiate between the ECUs, and to spot when one ECU impersonates another, like when a hacker corrupts the vehicle’s radio system to spoof messages that are meant to come from a brake pedal or steering system.<\/p>\n
That sort of impersonation is key to how white hat hackers previously managed to remotely mess with vehicles’ brakes, transmission and steering systems.<\/p>\n
<\/p>\n