VehicleSec '25 Demo and Poster Session

Robotic Vehicles (RVs), particularly drones, represent critical cyber-physical systems that are fundamentally dependent on network connectivity for operation and thus susceptible to network-based cyber-attacks. While such drone-targeted cyber-attacks have been considerably studied in literature, we find that the majority (76.3%) of them focus on the cyber-vulnerability discovery and validation only without any experimental understanding of whether such cyber-attacks can indeed cause meaningful physical impacts at the end-to-end RV system operation level; in fact, some of them (26.3%) do not even describe the potential of causing such end-to-end physical impacts. In this work, we present CPExploiter, a novel framework to systematically reveal how network-based cyber vulnerabilities in RVs can escalate into severe physical failures. It uses structured VEI scenarios and automates escalation discovery via UAV-specific parameters, guided in part by Large Language Models (LLMs), to expose cascading failure patterns and high-severity outcomes at the system level. This demonstration will include videos and figures of CPExploiter in action, showcasing the structured mapping of Vulnerability-Exploit-Impact (VEI) scenarios, automated discovery of escalation paths, and validation of end-to-end physical impacts through both Software-in-the-Loop (SITL) simulation and real-world UAV experimentation.

California Senate Bill 210 (SB 210), enacted in 2019, mandates the California Air Resources Board (CARB) to enforce emissions compliance through either remotely connected continuous monitoring devices or non-continuous plug-in devices. This led to the establishment of the Clean Truck Check (CTC) program. Most non-continuous plug-in devices achieve emissions data collection via RP1210-based diagnostic tools running on Windows environments. However, these compliance inspection mechanisms inherently trust data from third-party vehicle diagnostic adapters (VDAs), which translate vehicle network messages for CARB-approved software. This trust model assumes the integrity of the RP1210 API, which lacks fundamental cybersecurity controls, leaving it vulnerable to DLL hijacking attacks.

This demonstration exposes a critical security weakness in the CARB Clean Truck Check trust model, showcasing how a shim DLL can intercept and manipulate emissions data before it reaches compliance software. Using both test bench and real-world vehicle configurations, this attack forges emissions reports, effectively bypassing CARB regulations without modifying vehicle hardware or firmware. The shim DLL acts as a transparent proxy, intercepting emissions-related parameters and altering the data before submission. These findings underscore the urgent need for regulatory bodies to understand the limitations of the security model upon which they build their compliance enforcement mechanisms.

This document presents a demonstration of an adversarial scenario fuzzer for testing vehicle control systems in simulated environments. The fuzzer generates adversarial teleoperation commands optimized to maximize system vulnerabilities, helping identify deficiencies in vehicle controllers. The demonstration includes an overview of the fuzzer's architecture, its workflow, and an example adversarial test case designed to assess the robustness of autonomous driving systems against malicious teleoperation inputs.

We present a framework that integrates BeamNG.tech's high-fidelity vehicle simulation environment with Comma.ai's Openpilot autonomous driving system. This framework provides an accessible platform for automotive security researchers to collect realistic telematics data, simulate in-vehicle networks, and develop security solutions without requiring access to specialized hardware. Our system bridges the gap between simplified simulations and real-world vehicle behavior, enabling a wide range of research applications in automotive as well as broader research areas such as transportation, environment and emissions related fields.

V2X communication enhances autonomous driving by extending perception beyond onboard sensors, but its security vulnerabilities pose serious risks. While prior studies have focused on individual modules like networking or perception, this study introduces V2X-SAFE, a framework for end-to-end, system-level security evaluations using a full-stack platform based on Autoware and AWSIM. Unlike existing tools, V2X-SAFE supports integrated autonomy, V2X communication, attack simulation, and evaluation. We examine two scenarios: intersection assistance and sudden obstacle detection, focusing on the impact of communication delay and packet loss from typical V2X attacks. Results show that while V2X improves early detection, security threats can significantly degrade system performance, and system-level failures do not always align with component-level metrics, underscoring the need for holistic evaluation.

Frequency modulated continuous wave(FMCW) radars are vital for advanced driver assistance systems(ADAS) but remain vulnerable to spoofing attacks that produce fake obstacles and cause false braking, while current research focuses on fixed-distance targets and it cannot generate false targets at different angles. In this work, we present GHOSTRADAR, a novel attack framework that injects signals into a victim radar to create fake objects at specific angles and distances. Using a ray-tracing mmWave radar simulator, we show GHOSTRADAR achieves an average distance error of 0.45 m and angular error of 2.67°, demonstrating precise spoofing and revealing radar vulnerabilities.

As automated driving systems (ADS) become increasingly integrated into real-world transportation, understanding how human drivers perceive and respond to system failures under adversarial conditions is critical for safety. Prior research has shown that human drivers often overestimate ADS’ capabilities and lack awareness of the systems’ vulnerabilities to adversarial attacks. In this study, we investigate the effectiveness of explanations on enhancing human drivers’ situation awareness (SA) of different adversarial attacks and their takeover performance during SAE Level 3 automated driving using a driving simulator. We varied ADS reliability within-subjects and attack type and explanation between-subjects. Our preliminary results show that the benefit of explanations appeared to vary by attack type, suggesting that certain adversarial scenarios may elicit greater SA improvement when accompanied by system-generated explanations.

This study exposes a critical privacy vulnerability affecting millions of vehicle owners: the persistence of personal data in discarded automotive infotainment systems. Our research demonstrates how easily accessible these systems are through secondary markets, where components from vehicles as recent as 2020 can be acquired for just $20-100. With minimal effort, we extracted extensive personal information including contact lists, precise location histories, and even active authentication credentials that could potentially compromise vehicles still in operation. The scale of this privacy risk is substantial—U.S. Census data shows over 150 million modern vehicles remain on American roads, with millions processed through the salvage industry annually. Unlike smartphones or computers, vehicles often remain in service for 15+ years with minimal software updates, creating an expanding universe of vulnerable platforms containing personal data. Most concerning, we found recent model vehicles (2016) running severely outdated software with known security vulnerabilities. Our findings highlight an urgent need for revised automotive privacy frameworks, mandatory secure deletion mechanisms, and industry-wide adoption of privacy-by-design principles to address this growing threat to consumer privacy and potentially physical security.

As V2X communication becomes increasingly central to Intelligent Transportation Systems (ITS), the need for robust security solutions becomes more critical. Formal verification against a reference attacker model provides one of the strongest security guarantees, for example in the case of communication protocols. Unfortunately, model checkers lack the right primitives for modeling non-Dolev-Yao attackers and non-standard communication channels. In this work, we introduce a new attacker model based on physical proximity, called Umarell, to extend the standard Dolev-Yao adversary. We provide a formalization in ProVerif and show how to model physical channels. Finally, we demonstrate our methodology through an application to a multi-factor/two-channel authentication protocol that combines Non-Line-of-Sight (NLOS) communication for secure data exchange and Line-of-Sight (LOS) communication to verify physical proximity.

Modern vehicles collect and transmit extensive personal data through embedded sensors and connected services, yet privacy implications remain poorly understood. We present a policy-level analysis of 17 major vehicle manufacturers’ U.S. privacy policies to investigate what data is collected, how it is shared, and what rights users—both primary and non-primary—are afforded. Our findings reveal that sensitive information such as geolocation, biometric identifiers, and in-cabin audio may be collected, often with vague or inconsistent disclosures. Most manufacturers share user data with third parties, and opt-out mechanisms are limited, complex, or restricted by region. Notably, policies vary in how they handle data from passengers and non-primary drivers, frequently shifting the burden of disclosure to the vehicle owner. This work highlights key transparency gaps in the automotive privacy ecosystem and motivates future studies, including user perception research and technical audits to determine whether actual data practices align with policy claims.