Computerized components started making their way into certain cars back in the 1960s. These days computers are in every vehicle made.
Features like Apple CarPlay and Android Auto make driving a joy. The downside is how easily your car can be hacked.
Researchers at Trend Micro’s Forward-looking Threat Research (FTR) collaborated with others and discovered a major design flaw that is in all modern vehicles. The vulnerability allows a hacker with remote access to shut down a number of safety features. Airbags, brakes, and parking sensors are all impacted.
Hackers are able to take advantage of the network protocol that connects all in-vehicle equipment and systems and allows them to communicate. The standard for this network is called the Controller Area Network (CAN).
This protocol was released in the mid-1980s and was made the industry standard in 1993, meaning every vehicle made since 1993 has this vulnerability.
Below is an explanation of the flaw:
“CAN messages, including errors, are called ‘frames.’ Our attack focuses on how CAN handles errors. Errors arise when a device reads values that do not correspond to the original expected value on a frame.
“When a device detects such an event, it writes an error message onto the CAN bus in order to ‘recall’ the errant frame and notify the other devices to entirely ignore the recalled frame. This mishap is very common and is usually due to natural causes, a transient malfunction, or simply by too many systems and modules trying to send frames through the CAN at the same time.
“If a device sends out too many errors, then — as CAN standards dictate — it goes into a so-called Bus Off state, where it is cut off from the CAN and prevented from reading and/or writing any data onto the CAN. This feature is helpful in isolating clearly malfunctioning devices and stops them from triggering the other modules/systems on the CAN.
“This is the exact feature that our attack abuses. Our attack triggers this particular feature by inducing enough errors such that a targeted device or system on the CAN is made to go into the Bus Off state, and thus rendered inert/inoperable.
“This, in turn, can drastically affect the car’s performance to the point that it becomes dangerous and even fatal, especially when essential systems like the airbag system or the antilock braking system are deactivated. All it takes is a specially-crafted attack device, introduced to the car’s CAN through local access, and the reuse of frames already circulating in the CAN rather than injecting new ones.”
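To make the error-counting behaviour in the quoted explanation concrete, here is an added example (not from this article or from the researchers) that models one CAN node's transmit error counter in Python and replays two traces through it. The increments and thresholds are the standard CAN fault-confinement values, which the page does not state; `Node`, `replay` and both traces are constructed for illustration, and the receive counter is left out.

```python
from dataclasses import dataclass

# Standard CAN fault-confinement values (assumed, not given on this page).
TX_ERROR_STEP = 8        # added to the counter on each transmit error
TX_OK_STEP = 1           # subtracted on each successful transmission
ERROR_PASSIVE_AT = 128
BUS_OFF_AT = 256

@dataclass
class Node:
    name: str
    tec: int = 0                   # transmit error counter
    state: str = "error-active"

    def record(self, ok: bool) -> str:
        """Apply one transmission outcome and return the resulting state."""
        if self.state == "bus-off":
            return self.state      # node is cut off from the bus
        if ok:
            self.tec = max(0, self.tec - TX_OK_STEP)
        else:
            self.tec += TX_ERROR_STEP
        if self.tec >= BUS_OFF_AT:
            self.state = "bus-off"
        elif self.tec >= ERROR_PASSIVE_AT:
            self.state = "error-passive"
        else:
            self.state = "error-active"
        return self.state

def replay(name, outcomes):
    """Replay outcomes (True = sent OK); return (state, peak TEC, frame of bus-off or None)."""
    node, peak, off_at = Node(name), 0, None
    for i, ok in enumerate(outcomes, 1):
        state = node.record(ok)
        peak = max(peak, node.tec)
        if state == "bus-off" and off_at is None:
            off_at = i
    return node.state, peak, off_at

# Constructed traces, not captured traffic.
TRANSIENT = ([False] + [True] * 9) * 50   # one error in every ten frames
SUSTAINED = [True] * 20 + [False] * 40    # every later frame from the node errors

if __name__ == "__main__":
    for label, trace in (("transient", TRANSIENT), ("sustained", SUSTAINED)):
        print(label, replay("ecu", trace))
```

Isolated errors never move the counter far because successful frames pay it back down, so a counter on a single node that climbs without recovering is the condition worth alerting on before the node drops off the bus.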
How to mitigate the flaw
Mitigating this vulnerability won’t be easy. The flaw lies in the design and is impossible to patch. Fixing the problem is expected to take an entire generation of vehicles to adopt new regulations and policies.
The researchers who discovered this gave these suggestions for long-term solutions:
- Network Segmentation or Topology Alteration: By altering the topology or segmenting a CAN in a vehicle, targeted error-flooding can be stopped from affecting a specific system.
- Regulated OBD-II Diagnostic Port Access: The creation of a special hardware key or password in order to open the case where the port is physically located may protect against illegal and unauthorized devices being introduced to the CAN. The implementation of a software-level authentication in order to allow traffic from and to the port can be considered as well. This would require a change in the regulations.
- Encryption: Encrypting CAN frame ID fields can prevent attackers from identifying CAN frames to target, thus resulting in a noisier and much more detectable attack pattern.