Paper 2015/419

Non-invasive Spoofing Attacks for Anti-lock Braking Systems

Yasser Shoukry, Paul Martin, Paulo Tabuada, and Mani B. Srivastava


This work exposes a largely unexplored vector of physical-layer attacks with demonstrated consequences in automobiles. By modifying the physical environment around analog sensors such as Antilock Braking Systems (ABS), we exploit weaknesses in wheel speed sensors so that a malicious attacker can inject arbitrary measurements to the ABS computer which in turn can cause life-threatening situations. In this paper, we describe the development of a prototype ABS spoofer to enable such attacks and the potential consequences of remaining vulnerable to these attacks. The class of sensors sensitive to these attacks depends on the physics of the sensors themselves. ABS relies on magnetic--based wheel speed sensors which are exposed to an external attacker from underneath the body of a vehicle. By placing a thin electromagnetic actuator near the ABS wheel speed sensors, we demonstrate one way in which an attacker can inject magnetic fields to both cancel the true measured signal and inject a malicious signal, thus spoofing the measured wheel speeds. The mounted attack is of a non-invasive nature, requiring no tampering with ABS hardware and making it harder for failure and/or intrusion detection mechanisms to detect the existence of such an attack. This development explores two types of attacks: a disruptive, naive attack aimed to corrupt the measured wheel speed by overwhelming the original signal and a more advanced spoofing attack, designed to inject a counter-signal such that the braking system mistakenly reports a specific velocity. We evaluate the proposed ABS spoofer module using industrial ABS sensors and wheel speed decoders, concluding by outlining the implementation and lifetime considerations of an ABS spoofer with real hardware.

Available format(s)
Publication info
Published by the IACR in CHES 2013
Automotive embedded systemsCyber-physical securityNon-invasive sensor attacksMagnetic sensors
Contact author(s)
yshoukry @ ucla edu
2015-05-05: received
Short URL
Creative Commons Attribution


      author = {Yasser Shoukry and Paul Martin and Paulo Tabuada and Mani B.  Srivastava},
      title = {Non-invasive Spoofing Attacks for Anti-lock Braking Systems},
      howpublished = {Cryptology ePrint Archive, Paper 2015/419},
      year = {2015},
      doi = {10.1007/978-3-642-40349-1_4},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.