Modern automobiles have moved from mere mechanical devices to systems composed of a number of electronic components, including upwards of 50 electronic control units (ECUs) networked together. The overall safety of the vehicle relies on near real-time communication between the various ECUs that are connected to the automobile network. While communicating with each other, ECUs are responsible for detecting crashes, detecting skids, performing anti-locking of the brakes, automatic parking, etc.
Typically, ECUs are networked together on one or more buses based on the CAN standard. The ECUs communicate with one another by sending CAN messages. The CAN messages are broadcast to all components on the bus and each component decides whether it is intended for them. However, there is no source identifier or authentication built into the CAN messages. Because of these two facts, it is easy for components to both sniff the CAN network as well as masquerade as other ECUs and send CAN messages. It is also possible for the ECUs to be attacked, remotely and with both short-term and long-term physical access, in order for malicious code to be run on them. Once an ECU has malicious code running on it, the ECU can send messages on the CAN network and cause the automobile to behave abnormally, in some cases putting the driver in physical harm. Depending on the electronics in the automobile, it is possible for malicious code to make many changes to the operation of the car, such as causing it to brake, turn the steering wheel, change the readout of the speedometer, kill the engine, etc.