OBD Security issues

OBD Security issues:

Researchers at the University of Washington and University of California examined the security around OBD, and found that they were able to gain control over many vehicle components via the interface. Furthermore, they were able to upload new firmware into the engine control units. Their conclusion is that vehicle embedded systems are not designed with security in mind.


There have been reports of thieves using specialist OBD reprogramming devices to enable them to steal cars without the use of a key.The primary causes of this vulnerability lie in the tendency for vehicle manufacturers to extend the bus for purposes other than those for which it was designed, and the lack of authentication and authorization in the OBD specifications, which instead rely largely on security through obscurity.

OBD Standards documents

SAE standards documents on OBD-II

  • J1962 – Defines the physical connector used for the OBD-II interface.
  • J1850 – Defines a serial data protocol. There are 2 variants- 10.4 kbit/s (single wire, VPW) and 41.6 kbit/s (2 wire, PWM). Mainly used by US manufacturers, also known as PCI (Chrysler, 10.4K), Class 2 (GM, 10.4K), and SCP (Ford, 41.6K)
  • J1978 – Defines minimal operating standards for OBD-II scan tools
  • J1979 – Defines standards for diagnostic test modes
  • J2012 – Defines standards trouble codes and definitions.
  • J2178-1 – Defines standards for network message header formats and physical address assignments
  • J2178-2 – Gives data parameter definitions
  • J2178-3 – Defines standards for network message frame IDs for single byte headers
  • J2178-4 – Defines standards for network messages with three byte headers*
  • J2284-3 – Defines 500K CAN Physical and Data Link Layer
  • J2411 – Describes the GMLAN (Single-Wire CAN) protocol, used in newer GM vehicles. Often accessible on the OBD connector as PIN 1 on newer GM vehicles.

SAE standards documents on HD (Heavy Duty) OBD

  • J1939 – Defines a data protocol for heavy duty commercial vehicles

ISO standards

  • ISO 9141: Road vehicles — Diagnostic systems. International Organization for Standardization, 1989.
    • Part 1: Requirements for interchange of digital information
    • Part 2: CARB requirements for interchange of digital information
    • Part 3: Verification of the communication between vehicle and OBD II scan tool
  • ISO 11898: Road vehicles — Controller area network (CAN). International Organization for Standardization, 2003.
    • Part 1: Data link layer and physical signalling
    • Part 2: High-speed medium access unit
    • Part 3: Low-speed, fault-tolerant, medium-dependent interface
    • Part 4: Time-triggered communication
  • ISO 14230: Road vehicles — Diagnostic systems — Keyword Protocol 2000, International Organization for Standardization, 1999.
    • Part 1: Physical layer
    • Part 2: Data link layer
    • Part 3: Application layer
    • Part 4: Requirements for emission-related systems
  • ISO 15031: Communication between vehicle and external equipment for emissions-related diagnostics, International Organization for Standardization, 2010.
    • Part 1: General information and use case definition
    • Part 2: Guidance on terms, definitions, abbreviations and acronyms
    • Part 3: Diagnostic connector and related electrical circuits, specification and use
    • Part 4: External test equipment
    • Part 5: Emissions-related diagnostic services
    • Part 6: Diagnostic trouble code definitions
    • Part 7: Data link security
  • ISO 15765: Road vehicles — Diagnostics on Controller Area Networks (CAN). International Organization for Standardization, 2004.
    • Part 1: General information
    • Part 2: Network layer services ISO 15765-2
    • Part 3: Implementation of unified diagnostic services (UDS on CAN)
    • Part 4: Requirements for emissions-related systems

OBD History

OBD History :

1969: Volkswagen introduces the first on-board computer system with scanning capability, in their fuel-injected Type 3 models.
1975: Datsun 280Z On-board computers begin appearing on consumer vehicles, largely motivated by their need for real-time tuning of fuel injection systems. Simple OBD implementations appear, though there is no standardization in what is monitored or how it is reported.
1980: General Motors implements a proprietary interface and protocol for testing of the Engine Control Module (ECM) on the vehicle assembly line. The ‘assembly line diagnostic link’ (ALDL) protocol communicates at 160 baud with Pulse-width modulation (PWM) signaling and monitors very few vehicle systems. Implemented on California vehicles for the 1980 model year, and the rest of the United States in 1981, the ALDL was not intended for use outside the factory. The only available function for the owner is “Blinky Codes”. By connecting pins A and B (with ignition key ON and engine OFF), the ‘Check Engine Light’ (CEL) or ‘Service Engine Soon’ (SES) blinks out a two-digit number that corresponds to a specific error condition. Cadillac (gasoline) fuel-injected vehicles, however, are equipped with actual on-board diagnostics, providing trouble codes, actuator tests and sensor data through the new digital Electronic Climate Control display. Holding down ‘Off’ and ‘Warmer’ for several seconds activates the diagnostic mode without need for an external scan-tool.
1986: An upgraded version of the ALDL protocol appears which communicates at 8192 baud with half-duplex UART signaling. This protocol is defined in GM XDE-5024B.
1988: The Society of Automotive Engineers (SAE) recommends a standardized diagnostic connector and set of diagnostic test signals.
1991:[1] The California Air Resources Board (CARB) requires that all new vehicles sold in California in 1991 and newer vehicles have some basic OBD capability. These requirements are generally referred to as “OBD-I”, though this name is not applied until the introduction of OBD-II. The data link connector and its position are not standardized, nor is the data protocol.
~1994: Motivated by a desire for a state-wide emissions testing program, the CARB issues the OBD-II specification and mandates that it be adopted for all cars sold in California starting in model year 1996 (see CCR Title 13 Section 1968.1 and 40 CFR Part 86 Section 86.094). The DTCs and connector suggested by the SAE are incorporated into this specification.
1996: The OBD-II specification is made mandatory for all cars sold in the United States.
2001: The European Union makes EOBD mandatory for all gasoline (petrol) vehicles sold in the European Union, starting in MY2001 (see European emission standards Directive 98/69/EC[2]).
2004: The European Union makes EOBD mandatory for all diesel vehicles sold in the European Union
2008: All cars sold in the United States are required to use the ISO 15765-4[3] signaling standard (a variant of the Controller Area Network (CAN) bus).[4]
2008: Certain light vehicles in China are required by the Environmental Protection Administration Office to implement OBD (standard GB18352[5]) by July 1, 2008.[6] Some regional exemptions may apply.
2010: HDOBD (heavy duty) specification is made mandatory for selected commercial (non-passenger car) engines sold in the United States.

OBD-On board diagnostics

On-board diagnostics(OBD) is an automotive term referring to a vehicle’s self-diagnostic and reporting capability. OBD systems give the vehicle owner or repair technician access to the status of the various vehicle sub-systems. The amount of diagnostic information available via OBD has varied widely since its introduction in the early 1980s versions of on-board vehicle computers. Early versions of OBD would simply illuminate a malfunction indicator light or “idiot light” if a problem was detected but it would not provide any information as to the nature of the problem. Modern OBD implementations use a standardized digital communications port to provide real-time data in addition to a standardized series of diagnostic trouble codes, or DTCs, which allow one to rapidly identify and remedy malfunctions within the vehicle.