Cars are no longer defined through their mechanical construction but are to a large extend dependent on software that controls their behaviour. Even though automotive software is more thoroughly tested than consumer software, it still contains bugs. Reasons for that range from the use of third-party libraries to the fact that automotive software is usually written in low-level languages. Furthermore, a car reveals a lot of personal information about its occupants, from their daily routine to their musical taste.

Security of In-Vehicle Communication

In recent years, several attacks have impressively demonstrated that the software running on embedded controllers in cars can be successfully exploited – often even remotely. The fact that components that were hitherto purely mechanical, such as connections to the brakes, throttle, and steering wheel, have been computerized makes digital exploits life-threatening. Because of the interconnectedness of sensors, controllers and actuators, any compromised controller can impersonate any other controller by mimicking its control messages, thus effectively depriving the driver of his control. We are developing several security mechanisms that protect the computers of cars, so-called Electronic Control Units (ECUs), against vulnerabilities, detect intrusions and we develop security-by-design architectures for automotive interconnectedness.

  • Open Source Lighthouse Project:

Privacy of Vehicle Data

We have developed methods for assessing the privacy of modern cars. Our methods support reverse engineering of intra-car and extra-car communication to discover and correlate sensor values and resulting privacy issues. In experimental analyses, we have shown that manufacturers collect a lot of personal information such as the number of weight of passengers, who is driving, the whereabouts of the car, and even usage statistics of doors, lights, AC and music taste. We also develop technical protection mechanisms that prevent inadvertent loss of data and put the occupants back in control of their data.

Torture-Testing for Autonomous Driving Testing

Car makers are conducting extensive testing of their autonomous vehicles on proofing grounds and in virtual pre-defined scenarios. Because proofing grounds do not offer a deterministic test field and are time-consuming, virtual hardware- and software-in-the-loop testing is used instead, as it provides the necessary reproducibility. We develop a systematic testing framework for autonomous driving algorithms. Our framework uses procedural scene generation to adapt to how a car handles a situation while driving. Our machine-generated scenes pronounce misbehaviour by tailoring new scenes based on monitored driving behaviour.

3rd Party Funded Projects

ADAC Vehicle Data

Which personal data does a vehicle save about it’s occupants? We reverse engineered a Renault ZOE for the German Automobile Club (ADAC). Official website.


Adaptive mobility of light vehicles through dynamic vehicle adaptation with environment detection


  • 3.23 m € (73% are funded through BMBF)
  • 04/2019 - 03/2023


  • Constin GmbH, Berlin
  • Orange-BikeConcept GmbH, Karlsruhe
  • TÜNKERS, Ratingen
  • Karlsruher Institut für Technologie
  • CISPA - Helmholtz-Zentrum GmbH, Saarbrücken
  • Technische Universität Braunschweig
  • Fachhochschule Aachen


Electrically powered small vehicles not only enable personalized mobility in urban environments, they can also make a significant contribution to improving air quality in city centers. A prerequisite for broad acceptance of these vehicles is that the technical and application possibilities are adapted to the needs of potential user groups.