AutoHack2025

CO-SHOW AutoHack 2025 is Korea’s only competition focused on automotive hacking and defense. It was led and organized by MoSE, the Mobility Cybersecurity Laboratory at Kookmin University, which also prepared the competition challenges. Based on its research expertise in automotive cybersecurity, the MoSE Laboratory provided its own research vehicles to create a hands-on training environment using real vehicles. Through this competition, participants were given the opportunity to experience real-world security threats.

This competition was jointly hosted by the Future Mobility Consortium and the Data Security Utilization Convergence Consortium under the Convergence and Open Sharing System project. A total of 111 students from 27 universities participated in AutoHack 2025. After the preliminary round, 40 students from 10 teams representing 15 universities advanced to the final round.

-Sponsored by ETAS, AUTOCRYPT, and VECTOR
-A real vehicle-based automotive hacking and defense competition using an A*-type vehicle.

1. Preliminary CTF Round

The preliminary round consisted of a total of 10 CTF challenges. The problems covered various categories, including Pwnable, Misc, and Reversing, as well as automotive-specific challenges, in order to evaluate participants’ hacking and cybersecurity capabilities.

2. Final Round

The final round was held from November 26 to 28, 2025, at BEXCO in Busan. In addition to vulnerability analysis and reversing-based challenges, hands-on advanced tasks were presented, including attack and defense scenarios for unmanned mobility systems (CAN·RF·GPS), fuzzing application, and IDS implementation. The competition was conducted to allow participants to perform communication security testing under conditions similar to real-world environments.

Deriving Attack Scenarios Targeting Installed Systems and Unmanned Mobility Platforms (CAN, RF, GPS, etc.)

In an unmanned mobility environment, this task evaluated participants’ practical response capabilities by requiring them to analyze and respond to attack and defense scenarios targeting complex communication channels such as CAN·RF·GPS.

Vulnerability Detection through In-Vehicle Communication Fuzzing in the CANoe Simulator (with Vector Korea)

This hands-on task was conducted in a CANoe-based virtual vehicle simulation environment provided by Vector Korea, where participants performed fuzzing and detected and verified vulnerabilities.

Implementation of a CAN Protocol-Based IDS (Intrusion Detection System)

Through the task of implementing and applying a CAN-based intrusion detection system (IDS), participants’ cybersecurity capabilities were comprehensively evaluated from the perspectives of detection logic design and testing.

3. AutoHack Competition Dataset

The AutoHack Competition Dataset was used as the official benchmark dataset in the final round of the AutoHack competition. It was collected from a 2023 Hyundai vehicle in a real vehicle environment and contains synchronized CAN traffic from multiple in-vehicle buses, including C-CAN, P-CAN, and B-CAN.

The dataset includes both normal driving data and representative attack scenarios such as DoS, Fuzzing, Spoofing, Replay, and UDS-based Spoofing. By using this dataset, participants designed and evaluated CAN-based intrusion detection systems under realistic and challenging automotive cybersecurity conditions.

[Overview of Datasets]

Real-Vehicle CAN Traffic: Collected from a 2023 Hyundai vehicle to reflect realistic in-vehicle communication patterns during driving and stationary conditions.
Synchronized Multi-Bus Logs: Provides time-synchronized CAN traffic from C-CAN, P-CAN, and B-CAN, enabling IDS evaluation across multiple in-vehicle network domains.
Physically Verified Attacks: Includes attack scenarios whose effects were verified through observable vehicle-state changes, improving the reliability of ground-truth labels.
Dataset Download Link:Download