A team of security researchers working for the renowned automobile maker Toyota have developed a new car hacking tool. Dubbed as PASTA (Portable Automotive Security Testbed with Adaptability), it is an open source tool created to help researchers identify the prevailing vulnerabilities in modern vehicles.
The team presented their research at the BLACKHAT EUROPE 2018, London, where they demonstrated the newly developed tool and revealed Toyota’s plans to share PASTA’s specifications on Github. Moreover, they announced that Toyota intends to sell the system in Japan initially.An intriguing fact about PASTA is that apart from its 8kg portable briefcase size, it highlights the importance of exposing flaws in the automated, internet-connected modern vehicles like never before. For an auto manufacturer, developing such a tool that helps in detecting flaws in networked features of automobiles as well as sell its specifications via open source is a huge shift.
According to [PDF] Toyota’s InfoTechnology Center member Tsuyoshi Toyama, the automobile industry has already wasted a lot of time in developing cybersecurity systems for automated vehicles. However, now mainstream automakers like Toyota are gearing up to secure their vehicles from the next-gen attack vectors. However, still, there is a dire need for security engineers who really understand auto tech.
This is why PASTA has been developed. It will serve as a helping hand for researchers to explore the way an automobile’s engine control units or ECUs operate along with how the CAN protocol is utilized for initiating communication between different components of the vehicle and to discover/test exploits and vulnerabilities.
The tool is integrated with a driving simulator program and a model car, which helps in assessing the various ways it can be used. Such as it can be used for R&D purposes to help carmakers test how a third-party feature would affect the security of the vehicle, or affect the firmware.
Toyama further explains that PASTA isn’t developed for the live, moving-car hacks like the ones performed by Chris Valasek or Charlie Miller, but to offer inexperienced researchers a reliable platform to polish their skills. It can stimulate remote operation of windows, breaks, wheels, and other features, which is a safe approach than experimenting on “the real thing.”
PASTA can also let researchers analyze LED panels, and includes a debugging or binary port, an OBDII port, and RS232C ports. It is also possible to modify the ECUs programming in C, claims Toyama. Toyama also noted that Toyota plans to add the new tool to Ethernet, CAN FD, LIN, Wi-Fi, Cellular communications, and Bluetooth features to further enhance testing scope.
PASTA is certainly a step in the right direction as it has brought the issue of automated vehicles’ cybersecurity to the limelight.
“Simulating an actual vehicle through hardware is also required for assessing threats of cyber attacks. We need not only to provide an adaptable platform for developing measures for existing cybersecurity but also simulate any function in actual vehicles using white-box ECUs,” said researchers.