Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Friday August 18 2017, @06:13PM   Printer-friendly
from the broken-as-designed dept.

A flaw buried deep in the hearts of all modern cars allows an attacker with local or even remote access to a vehicle to shut down various components, including safety systems such as airbags, brakes, parking sensors, and others.

The vulnerability affects the CAN (Controller Area Network) protocol that's deployed in modern cars and used to manage communications between a vehicle's internal components.

The flaw was discovered by a collaborative effort of Politecnico di Milano, Linklayer Labs, and Trend Micro's Forward-looking Threat Research (FTR) team.

Researchers say this flaw is not a vulnerability in the classic meaning of the word. This is because the flaw is more of a CAN standard design choice that makes it unpatchable.

Patching the issue means changing how the CAN standard works at its lowest levels. Researchers say car manufacturers can only mitigate the vulnerability via specific network countermeasures, but cannot eliminate it entirely.

"To eliminate the risk entirely, an updated CAN standard should be proposed, adopted, and implemented," researchers say. "Realistically, it would take an entire generation of vehicles for such a vulnerability to be resolved, not just a recall or an OTA (on-the-air) upgrade."

[...] The Department of Homeland Security's ICS-CERT has issued an alert regarding this flaw, albeit there is little to be done on the side of car makers.

"The only current recommendation for protecting against this exploit is to limit access to input ports (specifically OBD-II) on automobiles," said ICS-CERT experts in an alert released last month.

[...] The research was presented last month at the DIMVA conference in Bonn, Germany. The technical paper detailing the flaw in depth is available here and here. A YouTube video recorded by Trend Micro researcher Federico Maggi is available.

Source: Bleeping Computer


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by requerdanos on Saturday August 19 2017, @09:59PM

    by requerdanos (5997) Subscriber Badge on Saturday August 19 2017, @09:59PM (#556502) Journal

    the most common nefarious activity

    Most commonly known, you mean. There's a lot more slightly crooked car mechanics out there than outright hollywood murder plots.

    No, I meant the most common in terms of exploitation, but I do see your point about the car mechanic profit padding angle.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2