The Vehicle May Be Sick: Denial of Diagnostic Services by Exploiting the CAN Transport Protocol

TL;DR

This paper uncovers vulnerabilities in vehicle diagnostic protocols, demonstrating how attackers can exploit the CAN transport layer to deny diagnostic services and manipulate vehicle data, posing safety risks.

Contribution

It identifies eight novel attack scenarios exploiting ISO 15765-2 transport mechanisms and demonstrates their practical impact on real vehicles.

Findings

Three attack scenarios successfully deny diagnostic services.

Attacks can cause concealed faults and manipulated sensor readings.

Vulnerabilities can deceive technicians and compromise safety.

Abstract

Vehicle diagnostics has become essential for detecting in-vehicle errors and ensuring safety. While the Unified Diagnostic Services (UDS) protocol is widely adopted for diagnostic operations, it relies on the ISO 15765-2 standard as the transport protocol over the Controller Area Network (CAN), which was designed without inherent security considerations. In this paper, we identify eight novel attack scenarios that exploit specific transport layer mechanisms in the ISO 15765-2 standard, including Flow Control manipulation, Sequence Number violations, and error handling abuses. We evaluate these attacks on a real passenger vehicle using two distinct diagnostic tools to demonstrate their practical impact. Our results confirm that three of these attack scenarios successfully induce denial of diagnostic services, leading to abnormal diagnostic results such as concealed faults and manipulated sensor readings. These findings highlight critical vulnerabilities that can deceive technicians and drivers, potentially exposing vehicles to significant safety risks.