Millions of cars affected by CAN exploit
A security flaw that could affect millions of cars has been identified, with researchers warning that there may be no fix available to protect susceptible vehicles. The exploit works by overloading the so-called CAN, or “car device network”, which connects all of the different aspects of modern vehicles together. With the right code, essential parts of the car’s safety features – such as the airbags or antilock brakes – could be forced offline.
The CAN was adopted as a standard for road vehicles by the ISO back in 1993, though it was developed back in 1983 by Bosch. It’s effectively the nervous system through which different components and technologies in the car communicate, spanning everything from comfort and convenience features like the HVAC system and infotainment, through to vital tech like the engine control module and the power steering.
Each section communicates via messages known as “frames”, and it’s designed to be a self-policing system when it comes to errors. Should a bad frame be issued, a device attached to the CAN is able to order its recall. If a device issues too many frames with errors, it’s forced into a “Bus Off” state where it’s pushed offline and effectively switched off.
This newly-identified exploit, the handiwork of Politecnico di Milano, Linklayer Labs, and Trend Labs’ Forward-looking Threat Research (FTR) team, takes advantage of that behavior. Rather than trying to sneak an error-filled frame through the system, it instead floods the CAN with such messages. By reusing frames already circulating within the CAN, it can, after a certain point, force different systems offline.
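The error-counting behavior described above can be modelled in a few lines. This is an added example, not code from the article or the researchers; the counter values (+8 per errored transmission, -1 per success, error-passive above 127, bus-off above 255) are the fault-confinement rules of the CAN standard and do not appear in the article. It shows why sporadic faults are tolerated while a sustained run of errored frames takes a node offline.

```python
from enum import Enum

# Fault-confinement constants from the CAN standard (not given in the article).
TX_ERROR_PENALTY = 8        # added to the TEC for each errored transmission
TX_SUCCESS_CREDIT = 1       # subtracted for each successful transmission
ERROR_PASSIVE_ABOVE = 127   # above this the node is error-passive
BUS_OFF_ABOVE = 255         # above this the node is bus-off (offline)


class State(Enum):
    ERROR_ACTIVE = "error-active"
    ERROR_PASSIVE = "error-passive"
    BUS_OFF = "bus-off"


class Node:
    """One transmitting node; only the transmit error counter is modelled."""
    def __init__(self):
        self.tec = 0

    @property
    def state(self):
        if self.tec > BUS_OFF_ABOVE:
            return State.BUS_OFF
        if self.tec > ERROR_PASSIVE_ABOVE:
            return State.ERROR_PASSIVE
        return State.ERROR_ACTIVE

    def transmit(self, ok):
        """Record one transmission attempt; a bus-off node stays silent."""
        if self.state is not State.BUS_OFF:
            self.tec = (max(0, self.tec - TX_SUCCESS_CREDIT) if ok
                        else self.tec + TX_ERROR_PENALTY)
        return self.state


def frames_until_bus_off(outcomes):
    """1-based index of the attempt that puts the node bus-off, else None."""
    node = Node()
    for i, ok in enumerate(outcomes, start=1):
        if node.transmit(ok) is State.BUS_OFF:
            return i
    return None


if __name__ == "__main__":
    sporadic = [i % 10 != 0 for i in range(1, 1001)]  # constructed: 1 error in 10
    print("sporadic errors :", frames_until_bus_off(sporadic))
    print("sustained errors:", frames_until_bus_off([False] * 100))
```

Many CAN controllers expose this counter, so a node whose count climbs steadily while its neighbors stay near zero is worth logging.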
The specific vulnerability of an individual vehicle varies according to a number of factors. It’s theoretically possible, the researchers say, that a remote hack could take place, if the firmware of any part of the ECU supported remote reprogramming. For instance, if a car manufacturer has enabled support for adding new features to the infotainment system, that could also provide a backdoor for hackers to introduce frame flooding.
Unfortunately, while the US/ICS-CERT regulator has been notified, and issued a security bulletin, the core nature of the CAN means that there’s no easy fix. Some automakers may be able to update their software to minimize the impact of frame flooding, but many will not. Indeed, the simplest way of addressing the possibility might come down to securing the OBD port with some sort of locking cover.
The best fix, it’s suggested, is for an overhaul to the CAN system itself so that future vehicles won’t be so vulnerable. That will undoubtedly take a lot of work, and time, and there’s no way that existing vehicles on the road will be retrofitted with the new system.
Source | SlashGear