Researchers display “CAN do” skill in vehicle DoS

Add one more to the lengthening list of ways your connected car can get hacked.

The NCCIC/ICS-CERT (National Cybersecurity and Communications Integration Center/Industrial Control Systems Cyber Emergency Readiness Team) issued an “alert” late last week following the release of a research paper on, “a vulnerability in the Controller Area Network (CAN) Bus standard with proof-of-concept (PoC) exploit code affecting CAN Bus.”

That, according to researchers Andrea Palanca, Eric Evenchick, Federico Maggi, and Stefano Zanero, can allow an attacker, “to perform a denial-of-service (DoS) attack (on) automotive networks.”

Which, in the case of vehicles, is more of a “denial of control” attack.

In their paper, “A Stealth, Selective Link-Layer Denial-of-Service Attack Against Automotive Networks,” presented at the DIMVA 2017 in Bonn, Germany, the researchers said it could allow an attacker to control, “even safety-critical inputs such as throttle, steering or brakes.”

Even if physical danger was not the goal, they said attackers could use it to demand a ransom for the owner to be able to start the car, or could prevent the doors from being locked.

And this type of attack, they said, would be more stealthy than previous types and, because it is based on CAN protocol weaknesses, “all CAN bus implementations by all manufacturers are vulnerable.”

Beyond that, they conclude that the “barrier to entry is extremely low.”

Perhaps. But, according to ICS-CERT, it would require:

…physical access and extensive knowledge of CAN to reverse engineer network traffic to perform a DoS attack disrupting the availability of arbitrary functions of the targeted device.

So while the potential damage from such an attack could be catastrophic, it appears to be less likely than those that can be done remotely – the 2015 hack of a Jeep Cherokee by Charlie Miller and Chris Valasek is perhaps the most famous example, but there have been plenty of others.

Still, this is yet another example of the multiple vulnerabilities of the CAN Bus standard – a pervasive problem that the auto industry in general doesn’t seem to be in a great hurry to address.

The CAN is essentially the car’s internal communication system of electronic control units (ECUs) that the researchers note, “is driven by as much as 100,000,000 lines of code.”

Earlier this year, Miller and Valasek released a collection of research notes, profiled in some detail by Naked Security’s Danny Bradbury, who wrote that, “ECUs handle things like adaptive cruise control, electronic brakes, parking assist and control of the steering column, so if you can interfere with these systems, you can at the very least monitor what the car is doing, if not control it.”

Bradbury also noted that Evenchick, one of the four authors of the research paper, is among several who have been providing “automotive hackery” to the world. Evenchick’s open source automotive toolset is called CANtact.

The researchers offered a detection strategy based on differential internal resistance (Rdiff), in which they said a detection mechanism could “find out when a (new) node is connected by measuring the amount of current necessary for a dominant condition at each vehicle startup and comparing this value with the previously registered ones.”
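As an added illustration of that startup check (not code from the paper or its authors), the sketch below registers the current drawn for a dominant bus state at each startup and flags a reading that departs from the registered baseline; the milliampere values are constructed, and the sigma threshold, minimum spread and learning window are assumptions.

```python
"""Startup check modelled on the differential-internal-resistance idea:
measure the current needed to drive a dominant condition at each ignition and
compare it with the values registered on previous startups. A node added to
the bus changes the aggregate resistance the driver sees, so the current
shifts. All readings here are constructed, not real vehicle data."""
from dataclasses import dataclass, field
from statistics import mean, stdev


@dataclass
class DominantCurrentMonitor:
    # Assumed tuning: tolerance in standard deviations of the registered
    # baseline; min_spread_ma stops a near-constant baseline from making
    # ordinary temperature drift look like a new node.
    threshold_sigma: float = 4.0
    min_spread_ma: float = 0.5
    min_history: int = 5
    history_ma: list[float] = field(default_factory=list)

    def check_startup(self, measured_ma: float) -> str:
        """Return 'learning', 'ok' or 'alert' for one startup reading.

        Readings that trigger an alert are NOT added to the baseline, so an
        added node cannot be quietly learned as normal over later startups.
        """
        if len(self.history_ma) < self.min_history:
            # Too few registered values to judge against; keep learning.
            self.history_ma.append(measured_ma)
            return "learning"
        baseline = mean(self.history_ma)
        spread = max(stdev(self.history_ma), self.min_spread_ma)
        if abs(measured_ma - baseline) > self.threshold_sigma * spread:
            return "alert"
        self.history_ma.append(measured_ma)
        return "ok"


def demo() -> list[str]:
    """Run constructed startup readings (mA) through the monitor.

    Normal startups vary slightly with temperature; the final reading
    reflects an extra node hung on the bus and should be flagged."""
    monitor = DominantCurrentMonitor()
    readings = [68.1, 68.4, 67.9, 68.3, 68.0, 68.2, 67.8, 74.5]
    return [monitor.check_startup(r) for r in readings]


if __name__ == "__main__":
    print(demo())  # ['learning', ..., 'ok', 'ok', 'alert']
```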

They also listed a number of mitigation strategies, including network segmentation (separate CAN network protected by firewalls), “encryption of the ID and Data Field of CAN frames,” and limiting access to input ports.

But ICS-CERT said the port access limits are “the only current recommendation for protecting against this exploit.” The agency’s announcement said it is “currently coordinating with vendors and security researchers” to identify more of them.

Palanca, another of the authors, added that since their attack was, “based on the transmission of single dominant bits, not frames,” he expects it to, “become extremely relevant in the near future, when cars will start shipping with onboard security appliances and will become more and more autonomous, with safety-critical operations depending on the reliability of transmissions happening on their CAN buses.”

Eddie Habibi, founder and CEO of PAS, a vendor in the ICS industry, agreed. “Just because we cannot simulate a remote cyber breach today, it doesn’t mean that it won’t happen in the future,” he said.

The issue, he said, is that, “manufacturers continue to release products – in this case a three-ton product that can hurtle down a highway at 60 miles per hour carrying our most valuable possessions in the world (family members) – that are built without security as a fundamental design principle.”

Finally, the CAN weaknesses are a potential threat that will have to be addressed by more than the auto industry. ICS-CERT noted that, “CAN is widely used throughout the critical manufacturing, healthcare and public health, and transportation system sectors.”