Researchers have discovered a security flaw that could potentially affect all new vehicles. It allows an attacker to turn off safety features, such as airbags, ABS brakes, and power-steering — or any of a vehicle’s computerised components connected to its controller area network or CAN bus. Cybersecurity experts commented below.
Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive Technologies:
“First of all, the words “to shut down remotely” used in news about this vulnerability isn’t quite correct. CAN is a protocol for internal communications in the car, it’s not connected to the Internet. To conduct the DDoS attack via this flaw, a hacker would need a special device physically connected to the car’s CAN via open ports. So it’s not a “remote attack”, it requires physical invasion.
“However, it could be really dangerous in the modern world of car renting and car sharing when people use cars that where used by strangers before them. So the best security recommendation here is to limit the access to input ports of the car and to carry regular security checks of the publicaly used cars (taxi, rental, car sharing).
“The main problem of this vulnerability is that it cannot be cured by security update: it’s a flaw in the protocol architecture. Since CAN is an internal protocol, it was designed without any thoughts about an active attacker from outside world. The same problem is common for many other industrial networking protocols – for example, SS7 protocol in telecoms can now be used by hackers and this cannot be cured by patches, since this whole protocol wasn’t supposed to be connected to outside world and used by strangers.
“There is also a possibility of an remote attack if some vulnerable unit of the car is connected to Internet (for example, some entertainment system). The attacks of this sort are already described by many security experts, and the main protection method is to limit the Internet access from/to your car.”
Art Dahnert, Managing Consultant at Synopsys:
“The problem identified by Trend Micro is related to the design and architecture of the CAN bus found in nearly all new cars today. The development of the technology goes back to the 1980’s, predating the World Wide Web. No one at that time thought that someone would deliberately try to sabotage a vehicle over the in car network.
“The attack involves creating a Denial of Service for a specific target by using the error management built into the CAN bus protocol. When an attacker causes the network to send too many error “messages” (frames) to a device, the design dictates that the target goes into a Bus Off state. This means that it will no longer respond to messages or send new ones, effectively disabling the device. In the case of an automobile it might be the ABS or airbags or even the electrically assisted power steering.
“Generally, these types of attacks will require access to the vehicle and the ability to persist beyond a restart. However, now that newer vehicles can be connected to the internet in a myriad of ways this is no longer true. Taking advantage of connected phones and telematics features, an attack could happen without direct physical access. And this isn’t necessarily isolated to a single manufacture or model of vehicle.
“Even though the problem has been identified, resolving it will be a long time coming. There are many factors involved, including the large number of vehicle and component manufacturers as well as the technical difficulties in developing a solution for this type of problem. Not to mention the requirements to allow access by the aftermarket and third party repair establishments.
“You can’t bolt on security, it has to be built in from the beginning. A simple update will not fix the cars on the road today.”