The modern automobile typically has many, e.g., up to seventy, electronic control units (ECUs) for various systems and subsystems. The most powerful ECU in terms of processing power is typically an engine control unit. Other ECUs are used for transmission, airbags, antilock braking/ABS, cruise control, electric power steering, audio systems, power windows, doors, mirror adjustment, battery and recharging systems for hybrid and electric cars, etc. Some of these ECUs form independent subsystems, but nonetheless communications among ECUs is generally essential.
A controller area network (CAN) bus standard was devised, and is well known, to allow microcontrollers, such as in an ECU and other devices in a vehicle, to communicate with each other in applications without a host computer. CAN is a message-based protocol, designed originally for automotive applications, but is also used in many other contexts. A CAN bus uses serial communication for sending and receiving messages. Serial communication refers to the process of sending data one bit at a time, sequentially, over a communication channel, such as a vehicle's communication bus.
Spoofing is a situation in which a computing entity and/or program successfully masquerades as another by falsifying data and thereby gaining illegitimate access to a system or a network. Spoofing of a message on a vehicle communications bus typically involves masquerading as an ECU module and placing messages on the vehicle's communications bus as if the masquerading ECU module was the legitimate source of the message. The masquerading ECU module may send messages onto the bus. Receiving modules on the bus may act on the messages, unaware of their true source. The consequences of a vehicle acting on spoofed messages can be severe.