Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 13 submissions in the queue.

Intrusion Detection System for CANBus

posted by martyb on Thursday July 24 2014, @06:36AM   Printer-friendly
from the so-now-it's-a-CAN'TBus? dept.

cafebabe writes:

Wired reports that:

They built their anti-hacking device for $150 in parts: an mbed NXP micro controller and a simple board. This plugs into a jack underneath a car or truck's dashboard known as the OBD2 port. Power it on for a minute during routine driving, and it captures the vehicle's typical data patterns. Then switch it into detection mode to monitor for anomalies like an unusual flood of signals or a command that should be sent when the car is parked but shows up when you're instead doing 80 on the highway.

If it spots mischief, the device puts the car into what Miller and Valasek call "limp mode," essentially shutting down its network and disabling higher-level functions like power steering and lane assist until the vehicle restarts. "You just plug it in, it learns, then it stops attacks," says Valasek, the director of vehicle security research at security consultancy IOActive.

Miller and Valasek's gadget may raise fears about false positives that could mistakenly disable your car's computers during rush hour. But in their tests, they say it hasn't misinterpreted any innocent signals in the car's networks as attacks. That's in part, they say, because a car's digital communications are far more predictable than those of a typical computer network. "It's just machines talking to machines," says Valasek. "In the automotive world, the traffic is so normalized that it's very obvious when something happens that's not supposed to happen."

The inventors claim it defeats all previous CANBus attacks. However, when you've got no authentication, no encryption and no source address in your "trusted" network, defense seems like a losing battle.

 
This discussion has been archived. No new comments can be posted.
Intrusion Detection System for CANBus | Log In/Create an Account | Top | 15 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Insightful) by FatPhil on Thursday July 24 2014, @07:52AM

    by FatPhil (863) <reversethis-{if.fdsa} {ta} {tnelyos-cp}> on Thursday July 24 2014, @07:52AM (#73167) Homepage
    > If it spots mischief, the device puts the car into what Miller and Valasek call "limp mode," essentially shutting down its network and disabling higher-level functions like power steering and lane assist until the vehicle restarts.

    So now you don't need a targetted attack, you can just spew noise onto the bus, and the system will shut down. So you've made it unimaginably easier to DoS. >slow hand clap<. *Availability* is an essential component of a secure system, and this removes that.
    --
    Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
    Starting Score:    1  point
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3  

  • (Score: 1, Informative) by Anonymous Coward on Thursday July 24 2014, @08:13AM

    by Anonymous Coward on Thursday July 24 2014, @08:13AM (#73172)

    > So you've made it unimaginably easier to DoS.

    If you are DoS'ing the system then you are, by definition, attacking it.
    The other half of the problem is to make sure there is no wireless access to the CANbus.
    If there is no wireless then any attacker has already had physical access to the vehicle.
    So whether it is a directed attack or not doesn't really matter, it is a sign the system is compromised.