How They Did It: An Analysis of Emission Defeat Devices in Modern Automobiles

Moritz Contag, Guo Li, Andre Pawlowski, Felix Domke, Kirill Levchenko, Thorsten Holz, Stefan Savage

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Modern vehicles are required to comply with a range of environmental regulations limiting the level of emissions for various greenhouse gases, toxins and particulate matter. To ensure compliance, regulators test vehicles in controlled settings and empirically measure their emissions at the tailpipe. However, the black box nature of this testing and the standardization of its forms have created an opportunity for evasion. Using modern electronic engine controllers, manufacturers can programmatically infer when a car is undergoing an emission test and alter the behavior of the vehicle to comply with emission standards, while exceeding them during normal driving in favor of improved performance. While the use of such a defeat device by Volkswagen has brought the issue of emissions cheating to the public's attention, there have been few details about the precise nature of the defeat device, how it came to be, and its effect on vehicle behavior. In this paper, we present our analysis of two families of software defeat devices for diesel engines: one used by the Volkswagen Group to pass emissions tests in the US and Europe, and a second that we have found in Fiat Chrysler Automobiles. To carry out this analysis, we developed new static analysis firmware forensics techniques necessary to automatically identify known defeat devices and confirm their function. We tested about 900 firmware images and were able to detect a potential defeat device in more than 400 firmware images spanning eight years. We describe the precise conditions used by the firmware to detect a test cycle and how it affects engine behavior. This work frames the technical challenges faced by regulators going forward and highlights the important research agenda in providing focused software assurance in the presence of adversarial manufacturers.

Original languageEnglish (US)
Title of host publication2017 IEEE Symposium on Security and Privacy, SP 2017 - Proceedings
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages231-250
Number of pages20
ISBN (Electronic)9781509055326
DOIs
StatePublished - Jun 23 2017
Externally publishedYes
Event2017 IEEE Symposium on Security and Privacy, SP 2017 - San Jose, United States
Duration: May 22 2017May 24 2017

Publication series

NameProceedings - IEEE Symposium on Security and Privacy
ISSN (Print)1081-6011

Other

Other2017 IEEE Symposium on Security and Privacy, SP 2017
CountryUnited States
CitySan Jose
Period5/22/175/24/17

Fingerprint

Firmware
Automobiles
Engines
Environmental regulations
Static analysis
Greenhouse gases
Standardization
Diesel engines
Railroad cars
Controllers
Testing

Keywords

  • Application Security
  • Embedded Systems Security
  • Forensics
  • Malware and Unwanted Software
  • Network and Systems Security

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Software
  • Computer Networks and Communications

Cite this

Contag, M., Li, G., Pawlowski, A., Domke, F., Levchenko, K., Holz, T., & Savage, S. (2017). How They Did It: An Analysis of Emission Defeat Devices in Modern Automobiles. In 2017 IEEE Symposium on Security and Privacy, SP 2017 - Proceedings (pp. 231-250). [7958580] (Proceedings - IEEE Symposium on Security and Privacy). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SP.2017.66

How They Did It : An Analysis of Emission Defeat Devices in Modern Automobiles. / Contag, Moritz; Li, Guo; Pawlowski, Andre; Domke, Felix; Levchenko, Kirill; Holz, Thorsten; Savage, Stefan.

2017 IEEE Symposium on Security and Privacy, SP 2017 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2017. p. 231-250 7958580 (Proceedings - IEEE Symposium on Security and Privacy).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Contag, M, Li, G, Pawlowski, A, Domke, F, Levchenko, K, Holz, T & Savage, S 2017, How They Did It: An Analysis of Emission Defeat Devices in Modern Automobiles. in 2017 IEEE Symposium on Security and Privacy, SP 2017 - Proceedings., 7958580, Proceedings - IEEE Symposium on Security and Privacy, Institute of Electrical and Electronics Engineers Inc., pp. 231-250, 2017 IEEE Symposium on Security and Privacy, SP 2017, San Jose, United States, 5/22/17. https://doi.org/10.1109/SP.2017.66
Contag M, Li G, Pawlowski A, Domke F, Levchenko K, Holz T et al. How They Did It: An Analysis of Emission Defeat Devices in Modern Automobiles. In 2017 IEEE Symposium on Security and Privacy, SP 2017 - Proceedings. Institute of Electrical and Electronics Engineers Inc. 2017. p. 231-250. 7958580. (Proceedings - IEEE Symposium on Security and Privacy). https://doi.org/10.1109/SP.2017.66
Contag, Moritz ; Li, Guo ; Pawlowski, Andre ; Domke, Felix ; Levchenko, Kirill ; Holz, Thorsten ; Savage, Stefan. / How They Did It : An Analysis of Emission Defeat Devices in Modern Automobiles. 2017 IEEE Symposium on Security and Privacy, SP 2017 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2017. pp. 231-250 (Proceedings - IEEE Symposium on Security and Privacy).
@inproceedings{6465817c33014ca8b5cdb98fbbc06e8e,
title = "How They Did It: An Analysis of Emission Defeat Devices in Modern Automobiles",
abstract = "Modern vehicles are required to comply with a range of environmental regulations limiting the level of emissions for various greenhouse gases, toxins and particulate matter. To ensure compliance, regulators test vehicles in controlled settings and empirically measure their emissions at the tailpipe. However, the black box nature of this testing and the standardization of its forms have created an opportunity for evasion. Using modern electronic engine controllers, manufacturers can programmatically infer when a car is undergoing an emission test and alter the behavior of the vehicle to comply with emission standards, while exceeding them during normal driving in favor of improved performance. While the use of such a defeat device by Volkswagen has brought the issue of emissions cheating to the public's attention, there have been few details about the precise nature of the defeat device, how it came to be, and its effect on vehicle behavior. In this paper, we present our analysis of two families of software defeat devices for diesel engines: one used by the Volkswagen Group to pass emissions tests in the US and Europe, and a second that we have found in Fiat Chrysler Automobiles. To carry out this analysis, we developed new static analysis firmware forensics techniques necessary to automatically identify known defeat devices and confirm their function. We tested about 900 firmware images and were able to detect a potential defeat device in more than 400 firmware images spanning eight years. We describe the precise conditions used by the firmware to detect a test cycle and how it affects engine behavior. This work frames the technical challenges faced by regulators going forward and highlights the important research agenda in providing focused software assurance in the presence of adversarial manufacturers.",
keywords = "Application Security, Embedded Systems Security, Forensics, Malware and Unwanted Software, Network and Systems Security",
author = "Moritz Contag and Guo Li and Andre Pawlowski and Felix Domke and Kirill Levchenko and Thorsten Holz and Stefan Savage",
year = "2017",
month = "6",
day = "23",
doi = "10.1109/SP.2017.66",
language = "English (US)",
series = "Proceedings - IEEE Symposium on Security and Privacy",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "231--250",
booktitle = "2017 IEEE Symposium on Security and Privacy, SP 2017 - Proceedings",
address = "United States",

}

TY - GEN

T1 - How They Did It

T2 - An Analysis of Emission Defeat Devices in Modern Automobiles

AU - Contag, Moritz

AU - Li, Guo

AU - Pawlowski, Andre

AU - Domke, Felix

AU - Levchenko, Kirill

AU - Holz, Thorsten

AU - Savage, Stefan

PY - 2017/6/23

Y1 - 2017/6/23

N2 - Modern vehicles are required to comply with a range of environmental regulations limiting the level of emissions for various greenhouse gases, toxins and particulate matter. To ensure compliance, regulators test vehicles in controlled settings and empirically measure their emissions at the tailpipe. However, the black box nature of this testing and the standardization of its forms have created an opportunity for evasion. Using modern electronic engine controllers, manufacturers can programmatically infer when a car is undergoing an emission test and alter the behavior of the vehicle to comply with emission standards, while exceeding them during normal driving in favor of improved performance. While the use of such a defeat device by Volkswagen has brought the issue of emissions cheating to the public's attention, there have been few details about the precise nature of the defeat device, how it came to be, and its effect on vehicle behavior. In this paper, we present our analysis of two families of software defeat devices for diesel engines: one used by the Volkswagen Group to pass emissions tests in the US and Europe, and a second that we have found in Fiat Chrysler Automobiles. To carry out this analysis, we developed new static analysis firmware forensics techniques necessary to automatically identify known defeat devices and confirm their function. We tested about 900 firmware images and were able to detect a potential defeat device in more than 400 firmware images spanning eight years. We describe the precise conditions used by the firmware to detect a test cycle and how it affects engine behavior. This work frames the technical challenges faced by regulators going forward and highlights the important research agenda in providing focused software assurance in the presence of adversarial manufacturers.

AB - Modern vehicles are required to comply with a range of environmental regulations limiting the level of emissions for various greenhouse gases, toxins and particulate matter. To ensure compliance, regulators test vehicles in controlled settings and empirically measure their emissions at the tailpipe. However, the black box nature of this testing and the standardization of its forms have created an opportunity for evasion. Using modern electronic engine controllers, manufacturers can programmatically infer when a car is undergoing an emission test and alter the behavior of the vehicle to comply with emission standards, while exceeding them during normal driving in favor of improved performance. While the use of such a defeat device by Volkswagen has brought the issue of emissions cheating to the public's attention, there have been few details about the precise nature of the defeat device, how it came to be, and its effect on vehicle behavior. In this paper, we present our analysis of two families of software defeat devices for diesel engines: one used by the Volkswagen Group to pass emissions tests in the US and Europe, and a second that we have found in Fiat Chrysler Automobiles. To carry out this analysis, we developed new static analysis firmware forensics techniques necessary to automatically identify known defeat devices and confirm their function. We tested about 900 firmware images and were able to detect a potential defeat device in more than 400 firmware images spanning eight years. We describe the precise conditions used by the firmware to detect a test cycle and how it affects engine behavior. This work frames the technical challenges faced by regulators going forward and highlights the important research agenda in providing focused software assurance in the presence of adversarial manufacturers.

KW - Application Security

KW - Embedded Systems Security

KW - Forensics

KW - Malware and Unwanted Software

KW - Network and Systems Security

UR - http://www.scopus.com/inward/record.url?scp=85024494712&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85024494712&partnerID=8YFLogxK

U2 - 10.1109/SP.2017.66

DO - 10.1109/SP.2017.66

M3 - Conference contribution

AN - SCOPUS:85024494712

T3 - Proceedings - IEEE Symposium on Security and Privacy

SP - 231

EP - 250

BT - 2017 IEEE Symposium on Security and Privacy, SP 2017 - Proceedings

PB - Institute of Electrical and Electronics Engineers Inc.

ER -