Make the world a safer place Menu

Talk

V2X Wardriving - They Drive, We Listen

In this talk we explore the prevalence of Vehicle-to-Everything (V2X) capabilities in modern cars, the deployment of active infrastructure components, the types of exchanged messages, and associated privacy and security concerns. We explain C-ITS standards in Europe, how to use off-the-shelf components to research protocols, present the tooling we developed and share discoveries and areas for further exploration.

The concept of Vehicle-to-Everything (V2X) has been circulating for years. It envisioned vehicles coordinating traffic among each other, traffic lights signalling green light phases and road signs warning drivers of road works even before the driver could see them. It turns out this vision quietly turned into reality in recent years: Many newer cars now feature Cooperative Intelligent Transport Systems and Services (C-ITS), meaning they have some ability to communicate with each other (Vehicle-to-Vehicle/V2V) or with the infrastructure around them (Vehicle-to-Infrastructure). But, how many cars are actually driving (on German roads) with such features enabled? Are there already any infrastructure components deployed which communicate actively? What kind of messages are exchanged if any? Are there privacy issues? What is the potential for attacks? To answer those questions, we dived into C-ITS standards implemented in Europe and how to use off-the-shelve components to research the protocols. In this talk, we will share our learnings about the protocols, explain how to build a setup for researching V2X for Europe, present our tooling we developed, and discuss what we discovered and what remains to be explored.

Agenda

  1. Motivation - Goals of V2X and History
  2. Introduction into C-ITS
    1. Competing Standards
    2. C-ITS Architecture
      1. Roles
      2. Packet Structure
      3. Types of Messages
    3. C-ITS Security & Privacy Considerations
  3. V2X Wardriving
    1. Hardware/Software Setup
      1. Hardware
      2. Software
        1. Available Open Source Software
        2. Custom C-ITS Stack with Scapy
        3. Analysis
          1. Map
          2. Possible Identification of Vehicle Models
          3. Other Observations
  4. What’s Next: Security Testing of C-ITS
    1. Approaches for Protocol Fuzzing
    2. Limitations

About the Speakers