New car hacking tool developed by Toyota

The specifications of the ‘PASTA’ test platform will be shared via open source

An information security and digital forensics investigator from Toyota arrived in London from Japan carrying a briefcase containing the new tool for cybersecurity testing on vehicles developed by this company.

Researchers at Toyota’s InfoTechnology Center, Takuya Yoshida and Tsuyoshi Toyama, are part of the team that developed Portable Automotive Security Testbed (PASTA), an open source test platform for researchers and digital forensics specialists testing cars in developing process. Upon arriving in London, the researchers made a demonstration of the tool, mentioning that Toyota plans to make known the software specifications through Github, as well as plan to launch it on sale once finished, starting in Japan.

The most alluring fact about the development of this tool, in addition to its 8 kg of weight, is that most car manufacturers have ignored or dismissed previous investigations into cybersecurity in their products, even though this kind of jobs expose the gaps in some of the automated and networked functions in the vehicles. The fact that Toyota is developing this tool and wills to share its specifications through open source platforms such as Github could mean a major change in the automotive industry.

“There is a lag in the development of cybersecurity in the automotive industry,” Toyama said on his arrival in the UK. “Even so, car manufacturers, including Toyota, are preparing for the new generation cyberattacks”, the expert said. According to specialists in digital forensics from the International Institute of Cyber Security, there is still a lot of work space in the field of car cybersecurity.

This is the main reason why this tool was developed, to help researchers explore how the engine control units (ECU) of the automobile work, as well as the CAN protocol used to establish communication between the different elements of the vehicle, in addition to search and test exploits and vulnerabilities.

The investigator specified that the tool is not designed to test in a moving car, as its objective is to provide a safe platform for researchers, something that would not be possible with a tool for moving vehicles. However, the tool developed by Toyota is capable of simulating the remote operation of the wheels, brakes, windows and other features of the car. “It is small and portable so that users can study, investigate and hack anywhere,” said Toyama.

The PASTA platform contains four ECU inside, as well as LED panels that the investigator can control to run any test of the operation of the automobile system or attacks such as the injection of CAN messages. It includes ODBII and RS232C ports, as well as a port for debugging or binary hacking.

The researchers integrated a management simulation program into the tool, as well as a car model to demonstrate some ways in which it can be used. PASTA can also be used for research and development purposes with real vehicles, which would allow car manufacturers to analyze how a function developed by some third party affects the operation and safety of the vehicle, for example.