TY - GEN
T1 - How They Did It
T2 - 2017 IEEE Symposium on Security and Privacy, SP 2017
AU - Contag, Moritz
AU - Li, Guo
AU - Pawlowski, Andre
AU - Domke, Felix
AU - Levchenko, Kirill
AU - Holz, Thorsten
AU - Savage, Stefan
N1 - Publisher Copyright:
© 2017 IEEE.
PY - 2017/6/23
Y1 - 2017/6/23
N2 - Modern vehicles are required to comply with a range of environmental regulations limiting the level of emissions for various greenhouse gases, toxins and particulate matter. To ensure compliance, regulators test vehicles in controlled settings and empirically measure their emissions at the tailpipe. However, the black box nature of this testing and the standardization of its forms have created an opportunity for evasion. Using modern electronic engine controllers, manufacturers can programmatically infer when a car is undergoing an emission test and alter the behavior of the vehicle to comply with emission standards, while exceeding them during normal driving in favor of improved performance. While the use of such a defeat device by Volkswagen has brought the issue of emissions cheating to the public's attention, there have been few details about the precise nature of the defeat device, how it came to be, and its effect on vehicle behavior. In this paper, we present our analysis of two families of software defeat devices for diesel engines: one used by the Volkswagen Group to pass emissions tests in the US and Europe, and a second that we have found in Fiat Chrysler Automobiles. To carry out this analysis, we developed new static analysis firmware forensics techniques necessary to automatically identify known defeat devices and confirm their function. We tested about 900 firmware images and were able to detect a potential defeat device in more than 400 firmware images spanning eight years. We describe the precise conditions used by the firmware to detect a test cycle and how it affects engine behavior. This work frames the technical challenges faced by regulators going forward and highlights the important research agenda in providing focused software assurance in the presence of adversarial manufacturers.
AB - Modern vehicles are required to comply with a range of environmental regulations limiting the level of emissions for various greenhouse gases, toxins and particulate matter. To ensure compliance, regulators test vehicles in controlled settings and empirically measure their emissions at the tailpipe. However, the black box nature of this testing and the standardization of its forms have created an opportunity for evasion. Using modern electronic engine controllers, manufacturers can programmatically infer when a car is undergoing an emission test and alter the behavior of the vehicle to comply with emission standards, while exceeding them during normal driving in favor of improved performance. While the use of such a defeat device by Volkswagen has brought the issue of emissions cheating to the public's attention, there have been few details about the precise nature of the defeat device, how it came to be, and its effect on vehicle behavior. In this paper, we present our analysis of two families of software defeat devices for diesel engines: one used by the Volkswagen Group to pass emissions tests in the US and Europe, and a second that we have found in Fiat Chrysler Automobiles. To carry out this analysis, we developed new static analysis firmware forensics techniques necessary to automatically identify known defeat devices and confirm their function. We tested about 900 firmware images and were able to detect a potential defeat device in more than 400 firmware images spanning eight years. We describe the precise conditions used by the firmware to detect a test cycle and how it affects engine behavior. This work frames the technical challenges faced by regulators going forward and highlights the important research agenda in providing focused software assurance in the presence of adversarial manufacturers.
KW - Application Security
KW - Embedded Systems Security
KW - Forensics
KW - Malware and Unwanted Software
KW - Network and Systems Security
UR - http://www.scopus.com/inward/record.url?scp=85024494712&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85024494712&partnerID=8YFLogxK
U2 - 10.1109/SP.2017.66
DO - 10.1109/SP.2017.66
M3 - Conference contribution
AN - SCOPUS:85024494712
T3 - Proceedings - IEEE Symposium on Security and Privacy
SP - 231
EP - 250
BT - 2017 IEEE Symposium on Security and Privacy, SP 2017 - Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 22 May 2017 through 24 May 2017
ER -