OBD-II 设备的网络安全风险

Joaquin Torrecilla@DEKRA Testing & Certification S.A.U

汽车安全 功能安全 安全设计 自动驾驶

Cybersecurity for OBD-II devices

In the past few years, we are seeing a rise in the availability of aftermarket devices to access car data. Those devices often get connected to the car through the OBD-II port, which was originally designed for emissions testing. The OBD-II port allows access to the vehicle’s internal bus to anyone connecting to it. The initial standards that defined this port were targeting the access to emissions’ related information; although afterwards, new capabilities where added that allowed changing parameters or reprogramming the internal ECUs in the vehicle. Aftermarket OBD-II dongles provide consumers and enterprises with many useful features, but they also expose the vehicle to new risks that where not considered in the nineties, when the OBD standard was developed. In this presentation, we will review the risks associated to the connection of devices to the OBD-II port; and will discuss real-life examples of vulnerabilities affecting this type of devices.

在过去的几年中，获取汽车售后数据的设备供应需求显著增加。这些设备通常通过OBD-II 接口连接到汽 车上，该端口最初是为排放测试而设计的。 OBD-II 端口允许对连接到它的任何设备访问车辆的内部总线。定义这个港口的最初标准是针对排放的相关 信息；尽管之后，添加了新的功能，并允许更改参数或重新编程车辆内部的ECUs。 汽车售后市场为消费者和企业提供了许多有用的功能，但同时也暴露了汽车的新风险，而在90 年代，当 OBD 标准被开发出来的时候，这些风险就没有被考虑过了。 在这次的演讲中，我们将回顾与OBD-II 端口连接设备相关的风险，并将讨论影响这类设备的脆弱性的真 实示例。

http://www.sae.org.cn/events/avst?tab=278