Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Ethical hacking of IoT devices: OBD-II dongles
KTH, School of Electrical Engineering and Computer Science (EECS).
KTH, School of Electrical Engineering and Computer Science (EECS).
2019 (English)Independent thesis Basic level (degree of Bachelor), 10 credits / 15 HE creditsStudent thesis
Abstract [en]

The subject area of this project is IT security related to cars, specifically the security of devices connected through a cars OBD-II connector. The aim of the project is to see the security level of the AutoPi OBD-II unit and to analyse where potential vulnerabilities are likely to occur when in use. The device was investigated using threat modeling consisting of analysing the architecture, using the STRIDE model to see the potential attacks that could be implemented and risk assessments of the attacks using the DREAD model. After modelling the system, attempts of implementing attacks, with the basis in the threat modelling, were carried out. No major vulnerabilities were found in the AutoPi device but a MITM attack on the user was shown to be possible for an attacker to succeed with. Even though no major vulnerability was found IoT devices connected to cars might bring security concerns that needs to be looked into by companies and researchers.

Abstract [sv]

Ämnesområdet för detta projekt är ITsäkerhet relaterad till bilar, mer specifikt säkerheten gällande enheter som kopplas in i en bils OBD-II-kontakt. Syftet med uppsatsen är att bedöma säkerhetsnivån på en OBD-II-enhet av modell AutoPi och att analysera var potentiella sårbarheter kan finnas i systemet. Enheten kommer att undersökas med hjälp av hotmodellering som består av att analysera arkitekturen, använda STRIDE-modellen för att upptäcka potentiella attackmetoder samt bedöma riskerna för attackerna med hjälp av DREAD-modellen. Efter det steget görs attackförsök utifrån resultaten från hotmodelleringen. Inga större sårbarheter hittades i AutoPi-enheten men en MITM-attack på användaren visades vara möjlig för en angripare att lyckas med. Ä ven fast inga större sårbarheter hittades kan IoT-enheter kopplade till bilar medföra säkerhetsbrister som företag och forskare måste se över.

Place, publisher, year, edition, pages
2019. , p. 10
Series
TRITA-EECS-EX ; 2019:214
Keywords [en]
Hacking; OBD-II; Threat model; IoT security; AutoPi
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:kth:diva-254571OAI: oai:DiVA.org:kth-254571DiVA, id: diva2:1333813
Supervisors
Examiners
Available from: 2019-07-02 Created: 2019-07-02 Last updated: 2019-07-02Bibliographically approved

Open Access in DiVA

fulltext(469 kB)266 downloads
File information
File name FULLTEXT01.pdfFile size 469 kBChecksum SHA-512
e7d4fa2b187218e69f93174c4a0a397a63d34737439a8b8eabd43c35e58b1e1f540548ea2a7f5eebe656525a882b086e3214b9bda4ec0e53fa38381f28f860f7
Type fulltextMimetype application/pdf

By organisation
School of Electrical Engineering and Computer Science (EECS)
Computer and Information Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 266 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 472 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf