CAN FD vulnerability threatens vehicle security
The Controller Area Network (CAN) bus protocol has been established as the common standard for networking and communication of control units in vehicles for a good 25 years. However, the data transmission capacity of a CAN bus is no longer sufficient by far in today’s highly digitalised vehicles. Therefore, a new technology has been introduced with the Controller Area Network Flexible Data Rate (CAN FD) protocol, which accelerates communication thanks to a larger number of data bytes per message. The protocol is primarily used for the transmission of critical messages between the various components.
Experts from the cybersecurity company Cymotive Technologies have now discovered a vulnerability in the CAN FD protocol which, according to them, seriously threatens the security in almost all modern vehicles: The gap, called CANCAN, makes it possible to encapsulate the messages sent via communication protocols. This makes it possible to inject a forged CAN FD message that encapsulates a legal message. In this way, components can be tricked into accepting the encapsulated internal message instead of the external message that was actually sent on the bus. The problem: Conventional security solutions available on the market cannot effectively mitigate this type of attack. At the same time, the CANCAN vulnerability can affect every conceivable vehicle component that uses the CAN FD protocol. This includes protocols that are currently under development, such as CAN XL.
Therefore, Cymotive strongly recommends that automotive manufacturers and suppliers take the vulnerability seriously and take appropriate security measures. Cymotive’s cybersecurity research team has developed helpful solutions for this purpose, with which possible attacks can be effectively defended against. These include, for example, so-called CAN frame attacks that exploit valid sent messages. This category also includes “bus flood attacks” (sending messages with high priority, preventing other messages from being sent), “spoofing” (the ability to send messages that should actually be sent by another entity) and “sniffing” (eavesdropping on unencrypted data intended for another entity). These attacks can severely compromise the availability, authenticity and confidentiality of the system.
Thoughtful intrusion detection systems (IDS) and intrusion prevention systems (IPS) provide a remedy. The former try to detect anomalies on the CAN bus. These can be based on the properties of incoming messages such as time, CANID and, in certain implementations, the payload itself. If such an anomaly is detected, the event can be logged. Nevertheless, the attack is not effectively prevented. An IPS usually includes all the mentioned functions of an IDS and also offers some mechanisms for blocking messages. Some solutions can detect a malicious message in real time and prevent it from reaching its destination. This can be done in two ways: For example, it is possible to act as a man-in-the-middle (MITM) between the attacker and the bus. As MITM, the IPS is able to refuse to send a malicious message. As a second option, bits can be injected directly into the bus while the malicious message is being sent. This allows it to be marked as invalid for processing by other components.
Related articles:
The “Swiss Cheese” Approach to Automotive Security
“Vatican” stops hacker attacks on cars
Karamba Security transfers honeypot principle to the connected car
CAN transceiver provides cyber security without encryption
Green Hills adds Argus Cyber Security to automotive ecosystem
Security IP hardens CAN XL against cyber attacks
Standard emerges to help fight threat of automotive hacks
If you enjoyed this article, you will like the following ones: don't miss them by subscribing to :
