Sharpening the focus on OBD-II security

  • 17-Feb-2017 01:23 EST
OBDII port 2016 Peugeot.jpg

The humble OBD-II port has moved beyond its originally designed intent as a port to check emissions and is now a potential gateway for vehicle security breaches. (PSA image)

SAE Standards News aims to update readers on the extensive activity in the SAE Global Ground Vehicle Standards development arena, by more than 800 ground vehicle committees comprised of volunteers from global industry stakeholders and SAE GVS staff who support the committee work.


In Fall 2016, the U.S. House Committee on Energy and Commerce reached out to the National Highway Traffic Safety Administration (NHTSA) in regards to addressing OBD-II security. The letter requested NHSTA to “convene an industry-wide effort to develop a plan of action for addressing the risk posed by the existence of the OBD-II port in the modern vehicle ecosystem.”

Enter SAE.

SAE International, at NHTSA’s urging, has started a working group that is ‘looking to explore ways to harden the OBD-II port’—that was their [NHTSA’s] language,” said Tim Weisenberger, SAE’s Project Manager, Technical Programs, Ground Vehicle Standards. SAE set to work by reaching out to a wide range of the industry. A working group was assembled to examine the issue with the goal of developing a set of recommendations.

“The OBD-II port has moved beyond its originally designed intent as a port to check emissions by regulators like the EPA and CARB,” Weisenberger explained. There are vehicle data access vs. vehicle security issues at hand. Many entities are requesting both legitimate and non-legitimate access to the port. The “legit” side include inspection and maintenance, workshop/service, insurance/other plug-in telematics and prognostics apps and performance tuners. On the malicious side are the hackers.

Triggering the industry

The group of approximately 40 gathered for the first workshops on December 1 and January 30 to identify common issues, needs and an approach to secure the OBD.

“The group included a couple of our experts that run various committees—Bob Gruszczynski from VW and Mark Zachos from DGTech were really the lead experts,” Weisenberger explained.

SAE staff were also present to facilitate and help to examine how the organization could move forward rapidly. They considered either standards development or expedited standards development that uses what SAE calls a Cooperative Research Project approach. This is a pathway for joint-venture research projects where two or more organizations pool their resources to study a pre-competitive technical area and share in the results.

“It was interesting that this was kind of a trigger for the industry to get together to create something that’s a little more open for the entire industry,’’ he said, “not just specific to company.”

The new OBD working group SAE has assembled is broad. It is comprised of eight automotive OEMs (BMW, Ford, GM, Honda, Hyundai, Isuzu, Toyota, VW), a few heavy truck OEMs and suppliers (Volvo, Cummins), various associations (MEMA, ETI), as well as representation from government and regulators (California Air Resources Board, NHTSA and the National Institute of Standards and Technology).

Get to know the TEVDS20

Through this effort, a new SAE committee was born: the Data Link Connector Vehicle Security Committee (TEVDS20). It is important to note that “data link connector” is the technical term for the OBD-II port (which is really more of an industry slang term, Weisenberger told AE). With the committee’s naming as a trigger, members will begin to use the technical term moving forward.

As this issue of Automotive Engineering went to press, the group was set to meet again to define the scope of work and engage a new Task Force under the committee to develop the technical work item (J3138). From there, the committee will continue to meet periodically to examine the issue and begin new work items as needed, Weisenberger explained.

“This new work item is a very specific use case,” he said. “It is a deep dive.” The potential is there for other work down the road, but for now the group has its very specific goal to meet the House Committee’s need of hardening the OBD-II port in sight.

We’ll keep you informed of their progress.

HTML for Linking to Page
Page URL
Rate It
0.00 Avg. Rating

Read More Articles On

Start of production for the plug-in hybrid Chrysler Pacifica minivan begins in late 2016, marking a milestone as Fiat Chrysler Automobiles (FCA)'s first mass-produced PHEV.
As new vehicles become more connected to the internet, to other cars, and to the road infrastructure, the number of potential intrusion points for hackers is growing fast.
HELLA’s electrically driven vacuum pump for vehicle brake systems is designed to provide on-demand brake-system vacuum for high-efficiency gasoline engines, diesels and turbo- and super-charged engines, as well as hybrid or full electric powertrains.
Texas Instruments’ 2.2-MHz, dual-channel synchronous buck converter offers a unique set of features designed to significantly reduce electromagnetic interference and high-frequency noise in high-voltage dc/dc step-down applications such as automotive infotainment and high-end cluster power-supply systems.

Related Items

Technical Paper / Journal Article
Technical Paper / Journal Article
Technical Paper / Journal Article
Technical Paper / Journal Article