Your Car Tells Me Where You Drove: A Novel Path Inference Attack via CAN Bus and OBD-II Data

TL;DR

This paper introduces OPD-II, a novel attack that infers a vehicle's driven path using CAN bus data and a physical car model, highlighting privacy risks and potential investigative uses.

Contribution

The paper presents a new path inference attack requiring only initial location and heading, outperforming existing methods without needing training data or device access.

Findings

Achieves 95% accuracy in path reconstruction

Outperforms previous methods with 75-89% accuracy

Works across different cars and road scenarios

Abstract

Despite its well-known security issues, the Controller Area Network (CAN) is still the main technology for in-vehicle communications. Attackers posing as diagnostic services or accessing the CAN bus can threaten the drivers' location privacy to know the exact location at a certain point in time or to infer the visited areas. This represents a serious threat to users' privacy, but also an advantage for police investigations to gather location-based evidence. In this paper, we present On Path Diagnostic - Intrusion \& Inference (OPD-II), a novel path inference attack leveraging a physical car model and a map matching algorithm to infer the path driven by a car based on CAN bus data. Differently from available attacks, our approach only requires the attacker to know the initial location and heading of the victim's car and is not limited by the availability of training data, road configurations, or the need to access other victim's devices (e.g., smartphones). We implement our attack on a set of four different cars and a total number of 41 tracks in different road and traffic scenarios. We achieve an average of 95% accuracy on reconstructing the coordinates of the recorded path by leveraging a dynamic map-matching algorithm that outperforms the 75% and 89% accuracy values of other proposals while removing their set of assumptions.