Charlie Miller, Security Engineer, Twitter
Chris Valasek, Director of Security Intelligence, IOActive

Contents

Introduction
Putting ECUs on the bench
  Capture traffic from a CAN bus
  (Optional destructive step) Observe ECU in its native environment
  Power up ECU on the bench
  Hook up sensors and actuators
  Simulating CAN traffic from missing ECUs
  Configuring Modules
  Fake sensors
  Multiple ECUs on the bench
  OBD-II on the bench
  Troubleshooting Issues
Testing on the bench
  ECU isolation
  ECU interrogation and flashing
  ECU sensor readings
  Attacks - CAN message injection
  Limitations
Mobile testing platform
  Limitations
Conclusion
References

Introduction

Examining automotive networks for security vulnerabilities is fun and has real world safety implications. From the beginning, we wanted to do something that would allow as many researchers as possible to get involved in this emerging discipline. That is why we released all of our tools and data from our previous research [1]. We shared exactly what hardware you would need, and provided software in order to investigate different cars as well as knowledge on how to evaluate the security of vehicles and possibly develop attacks against them. However, while this was very useful to aspiring car hackers, it turns out that the most significant limiting factor isn’t knowledge, or the tools/data to start car hacking, but rather researchers do not typically have a car at their disposal to hack on.
While most of the research carried out in this field is non-destructive and could be performed on your main vehicle, it is still a risky and potentially expensive proposition to mess with a vehicle you actually need.

The following research was an attempt to reduce this barrier to entry so more researchers could get involved. We used what we learned, as well as stripping out the electronics from our test vehicles, to figure out how to set up electronic control units (ECU) on a workbench. In this way, instead of buying a new car, in order to get started, a researcher could simply buy an ECU on Ebay and start playing with it. In other words, instead of paying $40,000 for a vehicle, a researcher can get started for a few hundred dollars.

This research shows exactly how to get an ECU up and running and how to get it to a state where you can start to evaluate the security of the device. The paper proceeds to show how to set up an environment very similar to that in the automobile, including multiple ECUs as well as sensors and actuators. In the end, depending on how ambitious the researcher happens to be, we even dis