search menu icon-carat-right cmu-wordmark

On Board Diagnostics: Risks and Vulnerabilities of the Connected Vehicle

White Paper
This report describes cybersecurity risks and vulnerabilities in modern connected vehicles.

Software Engineering Institute


The Department of Homeland Security’s US-CERT tasked the CERT Coordination Center (CERT/CC) at Carnegie Mellon University’s Software Engineering Institute (SEI) to study these devices to better understand the cybersecurity impact to consumers and the public. The CERT/CC analyzed a representative sample of these devices for vulnerabilities and found widespread failure to apply basic security principles. If these devices are compromised, the potential impact includes loss of privacy, vehicle performance degradation or failure, and potential injury.

The CERT/CC hopes this research will better inform consumers, enterprise fleet managers, insurance companies, and policymakers about the potential risks of these devices. The OBD-II port was created to provide consumers with choice and control over their purchase. At the same time, this freedom must be balanced with thoughtful conversations on how to limit adversaries’ access to vehicle internals.