Search Results

This document describes a set of recommended actions to take to increase the likelihood of safe vehicle operation when a device (external test equipment, data collection device, etc.) whose normal operation has been compromised by a source external to the vehicle is connected to the vehicle’s diagnostic system. The term “diagnostic system” is intended to be a generic way to reference all the different ways that diagnostic commands might be injected into the system. The guidance in this document is intended to improve security without significantly impacting the ability for franchised dealer or independent aftermarket external test tools to perform legitimate diagnosis and maintenance functions. The goal is that intrusive services are only allowed to be performed when the vehicle is in a Safe State such that even if the intrusive service were to be initiated with adversarial intent the consequences of such a service would still be acceptable.

This Task Force under the Data Link Connector Vehicle Security Committee will review and memorialize starting with an Information Report the status at the time of publication of secure diagnostic access to in-vehicle networks. The TF will consider expanding the diagnostic scope beyond the Data Link Connector (DLC) / OBD-II port to encompass all diagnostic access whether physically wired, or wireless. With the introductions of battery electric vehicles (BEVs), the TF should review and consider various off-board communication diagnostics (e.g., connections to battery pack). If diagnostic data or information is eventually moved to other wired or wireless ports, or “links” in the future, then a more generalized process may be considered. The TF may consider Terms & Definitions to be memorialized and will concentrate on what is especially meant by “wireless” and/or “wireless diagnostic” etc.

This document describes some of the actions that should be taken to help ensure safe vehicle operation in the case that any such connected device (external test equipment, connected data collection device) has been compromised by a source external to the vehicle. In particular, this document describes those actions specifically related to SAE J1979, ISO 15765, and ISO 14229 standardized diagnostic services. Generally, the following forms of communication bus connection topologies are used in current vehicles: a Open access to communication buses b Communication buses isolated via a gateway c Hybrid combinations of a. and b.