Ethical hacking of IoT devices: OBD-II dongles

Abstract: The subject area of this project is IT security related to cars, specifically the security of devices connected through a cars OBD-II connector. The aim of the project is to see the security level of the AutoPi OBD-II unit and to analyse where potential vulnerabilities are likely to occur when in use. The device was investigated using threat modeling consisting of analysing the architecture, using the STRIDE model to see the potential attacks that could be implemented and risk assessments of the attacks using the DREAD model. After modelling the system, attempts of implementing attacks, with the basis in the threat modelling, were carried out. No major vulnerabilities were found in the AutoPi device but a MITM attack on the user was shown to be possible for an attacker to succeed with. Even though no major vulnerability was found IoT devices connected to cars might bring security concerns that needs to be looked into by companies and researchers.