Assuring Trustworthiness via Structured Assurance Cases
possible but make sure the solutions fit
together. The Miller-Valasek “Jeep Hack”
attacks from back in 2015 33 and 2016 34
demonstrates how alignment is necessary.
the car. Unfortunately, that approach was
eventually figured out by Miller and Valesek
and they also figured out how to apply a
software update of their own creation to the
bus gateway (BCM) through the head-unit.
This bus gateway was supposed to arbitrate
the connection between the CAN bus and
the bus with the head-unit, but after the
Figure 14 is an illustration of the bus
structure similar to the one in the Jeep. On
the far right there is a square labelled “RAD.”
That is the radio/entertainment system also
(3a) With re-imaged BCM
the Radio can send arbitrary
3a CAN Bus Commands (2015)
(3b) (2016) spoofed
TPM speed messages…
(1) Took over the
Radio (RAD) thru
guessable pwd
3b
(2) Reimaged the V850 controller (BCM)
Gateway – had a checksum on the
images but it wasn’t used
Figure 14: Hacking a Vehicle
referred to as the head-unit, an externally
facing device that talks to the world. What
Miller and Valasek found was that the head-
unit used a guessable password.
update, Miller and Valesek had access to all
of the devices on the internal CAN bus –
those that control the operation of the car.
Unfortunately, while the update applied to
the gateway through the head-unit was
supposed to require a signed checksum, in
practice it did not and was accepted as a
This makes sense for convenience for the
dealer, service people or manufacturer, who
might need those passwords to do service on
33
Dr. Charlie Miller & Chris Valasek, “Remote Exploitation of an Unaltered Passenger Vehicle,” August 2015,
http://illmatics.com/Remote%20Car%20Hacking.pdf
34
Dr. Charlie Miller & Chris Valasek, “Advanced CAN Injection Techniques for Vehicle Networks,” 2016,
https://www.youtube.com/watch?v=4wgEmNlu20c
- 57 -
IIC Journal of Innovation