According to the latest research from a collaborative team from Linklayer Labs, Politecnico di Milano and Trend Micro’s Forward-looking Threat Research (FTR), modern vehicles are all plagued with a vulnerability that allows a denial-of-service (DoS) attack to be carried out. The vulnerability is so extensive that it would take a generation of cars to be patched.
As per the research team’s findings, an inherent flaw makes it possible for an attacker to shut down different components of modern vehicles, either remotely or manually. The components that could be targeted include safety systems such as parking sensors, brakes and airbags. The flaw is embedded in the Controller Area Network (CAN) protocol, which is commonly deployed in modern vehicles.
Its purpose is to initiate and manage communication between the internal components of a vehicle. The flaw is quite critical, yet it is not a real vulnerability but a complexity in the standard design of the CAN protocol. This design choice by the manufacturers has made it unpatchable. Bosch designed the CAN protocol in 1983, and in 1993 it became an ISO standard.
According to the researchers, the fix has to be made at the lowest levels at which the CAN protocol works. Car makers cannot eliminate the flaw; they can only mitigate it through network countermeasures. The only way to eliminate the risk is to update the CAN standard and then propose, adopt and implement it in modern cars, which would ideally take an “entire generation of vehicles” to resolve the flaw. The issue cannot be fixed with an over-the-air (OTA) upgrade, claims Trend Micro’s researcher Federico Maggi.
“It is currently indefensible by modern car security technology, and to completely resolve it would require broad, sweeping changes in standards and the ways in-vehicle networks and devices are made,” says Maggi.
It is being speculated that the flaw is present in almost every modern vehicle because nearly all modern vehicles rely upon this protocol to interconnect components. The flaw allows a denial-of-service attack that, by default, can easily be carried out through local access. However, if any component of the vehicle contains a remotely exploitable flaw, an attacker can also exploit the CAN flaw remotely.
Attackers would then require a specially created device connected to the CAN bus via local open ports. The device reuses frames already circulating on the CAN bus, and new frames are injected. This produces errors and triggers a denial of service in a number of components.
Maggi explains the consequences of the attack: “This, in turn, can drastically affect the car’s performance to the point that it becomes dangerous and even fatal, especially when essential systems like the airbag system or the antilock braking system are deactivated.”
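The denial of service described above is driven by errors on the bus, which is also what a network countermeasure can watch for. As an added example (not code from the researchers or from the original article), the sketch below models the CAN standard's transmit-error-counter rules, which the article does not spell out, and applies them as a detection heuristic to a constructed frame log. The CAN IDs, the log format, the one-sender-per-ID assumption and the `BURST_ALERT` threshold are all assumptions.

```python
from dataclasses import dataclass

# CAN fault confinement (ISO 11898-1), simplified: a failed transmission adds 8
# to the sender's transmit error counter (TEC), a successful one subtracts 1.
TX_ERROR_STEP = 8
ERROR_PASSIVE_ABOVE = 127   # TEC > 127: node becomes error-passive
BUS_OFF_ABOVE = 255         # TEC > 255: node goes bus-off and stops transmitting
BURST_ALERT = 8             # assumption: consecutive errors on one ID worth an alert

@dataclass
class NodeState:
    tec: int = 0
    streak: int = 0
    state: str = "error-active"

def analyze(events):
    """events: (timestamp, can_id, ok) tuples; assumes one sender per CAN ID."""
    nodes, alerts = {}, []
    for ts, can_id, ok in events:
        node = nodes.setdefault(can_id, NodeState())
        if node.state == "bus-off":
            continue                      # a bus-off node is already silenced
        if ok:
            node.tec = max(0, node.tec - 1)
            node.streak = 0
        else:
            node.tec += TX_ERROR_STEP
            node.streak += 1
            if node.streak == BURST_ALERT:
                alerts.append((ts, can_id, "error-burst"))
        if node.tec > BUS_OFF_ABOVE:
            new_state = "bus-off"
        elif node.tec > ERROR_PASSIVE_ABOVE:
            new_state = "error-passive"
        else:
            new_state = "error-active"
        if new_state != node.state and new_state != "error-active":
            alerts.append((ts, can_id, new_state))
        node.state = new_state
    return nodes, alerts

def sample_log():
    """Constructed log: (time in ms, CAN ID, transmitted without error?)."""
    log = []
    for t in range(40):
        log.append((t * 10, 0x0D1, t != 5))      # healthy ID, one isolated error
        log.append((t * 10 + 1, 0x1A0, t < 4))   # every frame fails from t=4 on
    return log

if __name__ == "__main__":
    for ts, can_id, kind in analyze(sample_log())[1]:
        print(f"{ts:5d} ms  id=0x{can_id:03X}  {kind}")
```

An isolated error decays away, while an unbroken run of errors against a single ID silences that node after 32 failures, so the early `error-burst` alert is the useful signal.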
The flaw has been recognized by the Department of Homeland Security’s ICS-CERT, even though car manufacturers cannot do anything immediately to fix it. The only possible immediate solution is to restrict access to input ports on vehicles, especially OBD-II.
In the long term, researchers recommend that standardization bodies, decision makers, and car manufacturers get together to revise and improve existing standards or issue new ones in tune with our times.
The research was presented last month at the DIMVA conference in Bonn, Germany.