The Vehicle May Be Sick: Denial of Diagnostic Services by Exploiting the CAN Transport Protocol
Pith reviewed 2026-05-08 05:54 UTC · model grok-4.3
The pith
Manipulating the CAN transport protocol enables denial of vehicle diagnostic services and concealment of faults.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
We identify eight novel attack scenarios that exploit specific transport layer mechanisms in the ISO 15765-2 standard, including Flow Control manipulation, Sequence Number violations, and error handling abuses. We evaluate these attacks on a real passenger vehicle using two distinct diagnostic tools to demonstrate their practical impact. Our results confirm that three of these attack scenarios successfully induce denial of diagnostic services, leading to abnormal diagnostic results such as concealed faults and manipulated sensor readings.
What carries the argument
The transport layer mechanisms in ISO 15765-2 for segmenting and reassembling diagnostic messages over CAN, specifically Flow Control frames that manage data flow, Sequence Numbers that order consecutive frames, and procedures for handling protocol errors.
If this is right
- Three attack scenarios successfully induce denial of diagnostic services on a real vehicle.
- Abnormal diagnostic results include concealed faults that remain hidden from technicians.
- Sensor readings can be manipulated to show incorrect values during diagnostics.
- Technicians and drivers can be deceived about the true state of the vehicle.
- Undetected faults create potential safety risks for the vehicle and its occupants.
Where Pith is reading between the lines
- Automotive systems could add basic validation or rate-limiting on diagnostic traffic to block these specific manipulations.
- Future revisions of ISO 15765-2 might incorporate integrity checks or session authentication to close the identified gaps.
- Similar transport-layer weaknesses could affect other CAN-based systems beyond passenger vehicles, such as commercial fleets or industrial equipment.
- Intrusion detection tuned to CAN frame sequences might detect these attacks in real time before they complete.
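One way the frame-sequence monitoring suggested above could look, as an added example (not code from the paper or from Pith): a passive checker that follows ISO 15765-2 segmented transfers in a CAN trace and flags Sequence Number gaps and Flow Control frames that do not belong to an open transfer. The CAN IDs, payload bytes, trace and all names are constructed for illustration; classic CAN with normal addressing is assumed.

```python
# Added example: passive ISO 15765-2 (ISO-TP) consistency check over a CAN trace.
# Assumes classic CAN with normal addressing (PCI in data byte 0) and FF_DL <= 4095.
FF, CF, FC = 1, 2, 3                   # PCI type = high nibble of byte 0

def check_trace(frames, pairs):
    """Return (frame_index, can_id, finding) tuples; pairs maps sender_id -> peer's FC id."""
    findings, state = [], {}           # state: sender_id -> {"sn", "left"}
    fc_for = {fc_id: tx for tx, fc_id in pairs.items()}
    for i, (can_id, data) in enumerate(frames):
        if len(data) < 2:
            continue
        pci, low = data[0] >> 4, data[0] & 0x0F
        if pci == FF and can_id in pairs:
            total = (low << 8) | data[1]           # 12-bit message length
            state[can_id] = {"sn": 1, "left": total - (len(data) - 2)}
        elif pci == CF and can_id in pairs:
            st = state.get(can_id)
            if st is None:
                findings.append((i, can_id, "CF without open transfer"))
            elif low != st["sn"]:
                findings.append((i, can_id, f"SN {low}, expected {st['sn']}"))
                del state[can_id]                  # reassembly is abandoned
            else:
                st["sn"] = (st["sn"] + 1) & 0x0F   # SN wraps 15 -> 0
                st["left"] -= len(data) - 1
                if st["left"] <= 0:
                    del state[can_id]              # message complete
        elif pci == FC and can_id in fc_for:
            sender = fc_for[can_id]
            if sender not in state:
                findings.append((i, can_id, "FC outside segmented transfer"))
            elif low > 2:                          # 0=CTS, 1=Wait, 2=Overflow
                findings.append((i, can_id, f"reserved FlowStatus {low}"))
    return findings

# Constructed trace: tester 0x7E0, ECU 0x7E8 (illustrative IDs and payload).
PAIRS = {0x7E8: 0x7E0, 0x7E0: 0x7E8}
TRACE = [
    (0x7E0, bytes.fromhex("0322F19000000000")),   # SF request
    (0x7E8, bytes.fromhex("101462F190414243")),   # FF, 20-byte response
    (0x7E0, bytes.fromhex("3000000000000000")),   # FC ContinueToSend
    (0x7E8, bytes.fromhex("2144454647484950")),   # CF SN=1
    (0x7E8, bytes.fromhex("2351525354555657")),   # CF SN=3 (SN=2 missing)
    (0x7E0, bytes.fromhex("3000000000000000")),   # FC with no transfer open
]

if __name__ == "__main__":
    for finding in check_trace(TRACE, PAIRS):
        print(finding)
```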
Load-bearing premise
The identified attack scenarios on Flow Control, Sequence Number, and error handling in ISO 15765-2 can be reliably executed against real vehicles using standard diagnostic tools without additional defenses or variations in implementation.
What would settle it
Running the eight attack scenarios against a vehicle whose diagnostic ECU or tool enforces strict validation of flow control frames and sequence numbers and checking whether any denial of diagnostic service still occurs.
Original abstract
Vehicle diagnostics has become essential for detecting in-vehicle errors and ensuring safety. While the Unified Diagnostic Services (UDS) protocol is widely adopted for diagnostic operations, it relies on the ISO 15765-2 standard as the transport protocol over the Controller Area Network (CAN), which was designed without inherent security considerations. In this paper, we identify eight novel attack scenarios that exploit specific transport layer mechanisms in the ISO 15765-2 standard, including Flow Control manipulation, Sequence Number violations, and error handling abuses. We evaluate these attacks on a real passenger vehicle using two distinct diagnostic tools to demonstrate their practical impact. Our results confirm that three of these attack scenarios successfully induce denial of diagnostic services, leading to abnormal diagnostic results such as concealed faults and manipulated sensor readings. These findings highlight critical vulnerabilities that can deceive technicians and drivers, potentially exposing vehicles to significant safety risks.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The paper identifies eight novel attack scenarios exploiting transport-layer mechanisms in ISO 15765-2 (Flow Control manipulation, Sequence Number violations, and error-handling abuses) over CAN. It evaluates these on a real passenger vehicle using two standard diagnostic tools and reports that three scenarios succeed in inducing denial of diagnostic services, producing abnormal results such as concealed faults and manipulated sensor readings.
Significance. If the empirical results hold, the work provides concrete evidence that diagnostic services relying on ISO 15765-2 can be disrupted in practice, potentially misleading technicians and affecting vehicle safety. The use of real-vehicle testing with off-the-shelf tools is a positive aspect that grounds the attacks in realistic conditions rather than simulation alone.
major comments (2)
- Evaluation section: The experiments are performed on a single unspecified passenger vehicle and two diagnostic tools. Because ISO 15765-2 implementations vary in Flow Control timing, Sequence Number recovery, and error behavior across ECUs and manufacturers, the central claim that the three attacks reliably produce denial of diagnostic services requires testing on additional vehicles or ECUs to establish generalizability.
- Attack implementation details: The manuscript describes eight scenarios but provides limited specifics on exact packet sequences, timing parameters, or success/error rates for the three successful cases. Without these, it is difficult to assess reproducibility or confirm that the observed effects are due to the claimed transport-layer exploits rather than tool- or vehicle-specific quirks.
minor comments (2)
- The abstract and introduction should explicitly reference the relevant subsections of ISO 15765-2 (e.g., Flow Control frame formats and Sequence Number rules) to allow readers to map the attacks directly to the standard.
- Figure captions and tables summarizing attack outcomes would benefit from clearer labeling of which diagnostic tool produced which result and whether any baseline (no-attack) runs were performed for comparison.
Simulated Author's Rebuttal
We thank the referee for the detailed and constructive review. The comments highlight important aspects of generalizability and reproducibility that we will address in the revision. Below we respond point by point to the major comments.
- Referee: Evaluation section: The experiments are performed on a single unspecified passenger vehicle and two diagnostic tools. Because ISO 15765-2 implementations vary in Flow Control timing, Sequence Number recovery, and error behavior across ECUs and manufacturers, the central claim that the three attacks reliably produce denial of diagnostic services requires testing on additional vehicles or ECUs to establish generalizability.
  Authors: We agree that evaluation on a single vehicle limits the strength of claims about reliability across the automotive ecosystem. Our choice of one real passenger vehicle and two off-the-shelf diagnostic tools was deliberate to ground the attacks in practical conditions rather than simulation. We cannot perform additional vehicle testing at this stage. In the revised manuscript we will (1) explicitly state this as a limitation in the Evaluation and Conclusion sections, (2) add a discussion of how Flow Control timing, sequence recovery, and error handling can differ across ECUs and manufacturers, and (3) qualify the central claim to reflect that the three attacks succeeded on the tested platform while noting that broader validation would be valuable future work.
  revision: partial
- Referee: Attack implementation details: The manuscript describes eight scenarios but provides limited specifics on exact packet sequences, timing parameters, or success/error rates for the three successful cases. Without these, it is difficult to assess reproducibility or confirm that the observed effects are due to the claimed transport-layer exploits rather than tool- or vehicle-specific quirks.
  Authors: We accept that the current level of detail is insufficient for independent reproduction. In the revised version we will add an appendix containing the exact CAN frame sequences, inter-frame timing values, and observed success rates (including number of trials) for the three attacks that produced denial-of-service effects. We will also include a short description of how we verified that the diagnostic anomalies were caused by the transport-layer violations rather than tool or vehicle artifacts.
  revision: yes
Circularity Check
Empirical attack demonstration with no derivations or self-referential predictions
The paper identifies eight attack scenarios on ISO 15765-2 mechanisms and evaluates three of them via direct testing on a real passenger vehicle using diagnostic tools. No equations, fitted parameters, predictions, or uniqueness theorems appear in the provided text. Results rest on empirical observation rather than any chain that reduces to its own inputs by construction. No self-citations are load-bearing for any derivation because none exist. This is a standard non-circular empirical security paper.