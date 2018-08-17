from the broken-as-designed dept.
A flaw buried deep in the hearts of all modern cars allows an attacker with local or even remote access to a vehicle to shut down various components, including safety systems such as airbags, brakes, parking sensors, and others.
The vulnerability affects the CAN (Controller Area Network) protocol that's deployed in modern cars and used to manage communications between a vehicle's internal components.
The flaw was discovered by a collaborative effort of Politecnico di Milano, Linklayer Labs, and Trend Micro's Forward-looking Threat Research (FTR) team.
Researchers say this flaw is not a vulnerability in the classic meaning of the word. This is because the flaw is more of a CAN standard design choice that makes it unpatchable.
Patching the issue means changing how the CAN standard works at its lowest levels. Researchers say car manufacturers can only mitigate the vulnerability via specific network countermeasures, but cannot eliminate it entirely.
"To eliminate the risk entirely, an updated CAN standard should be proposed, adopted, and implemented," researchers say. "Realistically, it would take an entire generation of vehicles for such a vulnerability to be resolved, not just a recall or an OTA (on-the-air) upgrade."
[...] The Department of Homeland Security's ICS-CERT has issued an alert regarding this flaw, albeit there is little to be done on the side of car makers.
"The only current recommendation for protecting against this exploit is to limit access to input ports (specifically OBD-II) on automobiles," said ICS-CERT experts in an alert released last month.
[...] The research was presented last month at the DIMVA conference in Bonn, Germany. The technical paper detailing the flaw in depth is available here and here. A YouTube video recorded by Trend Micro researcher Federico Maggi is available.
Source: Bleeping Computer
(Score: 2) by frojack on Friday August 18, @06:32PM (1 child)
Here's a better idea:
Don't but the CAN bus on the internet or let it receive or send to anything outside the vehicle.
Also locate the ONLY diagnostic port inside the locked cabin of the vehicle.
No, you are mistaken. I've always had this sig.
Reply to This
(Score: 2) by jmorris on Friday August 18, @06:47PM
Think you miss the point. CAN = Car Area Network. Everything in the vehicle connects to CAN. Everything. And anything that can connect to it can send commands to any other node and there is no security. Crawl under a car, attach to something like the transmission and remotely crash the vehicle at your leisure.
They would have to reinvent everything, every component would have a hardwired public key, there would have to be a maintaince keyring to allow the owner (i.e. the factory authorized service center, you don't think they will give the sucker making the note actual ownership do you?) to have the network recognize a replaced component. All communication would be at least signed, probably encrypted. And goodbye diagnostic port.
Reply to This
Parent
(Score: 4, Informative) by Grishnakh on Friday August 18, @06:45PM (2 children)
How is this any worse than someone cutting your brake lines like in the old movies?
If someone has physical access to the inside of your car, there's no telling what they can do.
But if the CAN bus is exposed to the internet somehow, that's definitely a massive design failure and should be harshly punished.
Anyway, this is just a bunch of scare-mongering over "Hackers!!". Physical tampering with cars (including messing with the brakes, or even planting a bomb) has been a potential problem for many, many decades now, and it's never going to change: it's infeasible to drive a tank, and you'd need something built like that to really discourage physical access by intruders.
Reply to This
(Score: 2) by bob_super on Friday August 18, @06:47PM
> it's infeasible to drive a tank
GM/Ford/Chrysler: "Challenge accepted!"
Reply to This
Parent
(Score: 0) by Anonymous Coward on Friday August 18, @07:24PM
All of the older protocols are fairly wide open. The security was the impossibility to get AT the cable. That is no longer true. Then with IoT the bend it to be wide open on the internet. Usually behind some proprietary protocol. If you are lucky they may SSH it.
If you think it is bad. It isn't. Its much much worse.
Reply to This
Parent