Slashdot Mirror


Unpatchable 'Flaw' Affects Most of Today's Modern Cars (bleepingcomputer.com)

Catalin Cimpanu, writing for BleepingComputer: A flaw buried deep in the hearts of all modern cars allows an attacker with local or even remote access to a vehicle to shut down various components, including safety systems such as airbags, brakes, parking sensors, and others. The vulnerability affects the CAN (Controller Area Network) protocol that's deployed in modern cars and used to manage communications between a vehicle's internal components. The flaw was discovered by a collaborative effort of Politecnico di Milano, Linklayer Labs, and Trend Micro's Forward-looking Threat Research (FTR) team. Researchers say this flaw is not a vulnerability in the classic meaning of the word. This is because the flaw is more of a CAN standard design choice that makes it unpatchable.

8 of 226 comments

  1. Exploit requires access by klossner · · Score: 5, Insightful

    To perform this DOS attack, you must have a device physically connected to the CAN bus. If an attacker has that kind of access to your car, a DOS attack is not your biggest problem. The attacker could just as easily pump 120 volts into the bus and fry every component. Or leave a time bomb on the driver's seat.

  2. okay by ArylAkamov · · Score: 5, Insightful

    This is nothing new, anyone who has developed a CAN device before knows this, no "shocking new research" needed. It was never designed to be secure, it was designed to be extremely resistant to noisy environments, and does a damn good job at it.
    tl;dr if you are a political target, get an older car without an electric throttle body and electric power steering bullshit.

  3. Oh enough of this shit by Anonymous Coward · · Score: 5, Insightful

    I am so sick of infosec nerds thinking they know more than the engineers at Ford, BMW, etc. about building cars. Coming up with new "vulnerabilities" - "I just need physical access to the car's OBD-II port with a laptop". Stick to Flintstones cars if you feel so insecure, the rest of us will drive fearlessly in luxury.

    1. Re:Oh enough of this shit by MachineShedFred · · Score: 4, Insightful

      In fact, this is such a known quantity by anyone that knows what the hell is going on in a modern car that there are products you can buy for some cars that actively edit the CANbus signals going into the ECU to tune the car's engine without invasive and potentially dangerous loading of non-sanctioned firmware. And, this additive hardware adds settings and features that were never available to the car from the manufacturer, such as altering turbo boost based on current octane sensor data and oil temperature data - increasing power when safe to do so, but decreasing if fuel quality is bad, or the engine is too hot. It achieves the desired effect in a safer, better, and more reversible way than an ECU flash with a different boost mapping.

      And this is possible because you can slap a signal processor in between the ECU and the rest of the CANbus, and the ECU will never know it's happening. Something starts to go wrong, and you disable it or remove it completely (unless something goes REALLY wrong, in which case caveat emptor, buddy.)

      Yeah, I'll go ahead and keep the open CANbus instead of some new standard that requires all kinds of lockdown and essentially DRM, and deal with the exactly zero "vulnerability" issues in literally billions of vehicle-miles travelled by CANbus equipped vehicles.

      --
      Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
    2. Re:Oh enough of this shit by DarkOx · · Score: 5, Informative

      So I am one of those infosec guys and we have been doing CAN bus assessments for the big 3 for some time now. This has to be the stupidest article I have read in some time.

      First off the next gen cars are already implementing 'segmented' CAN buses with a firewall module that allows some devices to send white listed messages from the less privileged body areas to the more privileged engine management and safety buses. So this problem is already being solved.

      Very few existing cars have a path to remotely introduce CAN messages. Some do but those interfaces have by and large been hardened pretty well, the Jeep stuff from some years ago is long fixed.

      So what we have here is basically if you are in the car you can do bad stuff by wiring into the CAN bus. Okay I make the airbag fail too by yanking it out of the dashboard, who cares.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
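
The segmented-bus gateway described in the comment above, as an added example that is not part of the original thread or any manufacturer's code: a default-deny filter that forwards a frame from the body segment to the powertrain segment only when its ID, length and rate match an allowlist entry. The function name, bus names, CAN IDs and timings are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Segments follow the comment's split: body vs. engine management/safety. */
enum bus { BUS_BODY, BUS_POWERTRAIN };

/* One allowlist entry: a frame ID allowed to cross src -> dst, with its
   exact payload length and the minimum spacing between forwarded frames. */
struct rule {
    enum bus src, dst;
    uint32_t id;
    uint8_t  dlc;
    uint32_t min_gap_ms;
    uint32_t last_ms;   /* time of the last forwarded frame */
    bool     seen;
};

/* Constructed policy: IDs and timings are illustrative, not from any vehicle. */
static struct rule policy[] = {
    { BUS_BODY, BUS_POWERTRAIN, 0x3A0, 2, 100, 0, false },
    { BUS_BODY, BUS_POWERTRAIN, 0x3B4, 8,  20, 0, false },
};

/* Default deny: forward only if a rule matches source, destination, ID,
   length and rate. Rejected frames do not reset the rate window. */
bool gateway_forward(enum bus src, enum bus dst, uint32_t id,
                     uint8_t dlc, uint32_t now_ms)
{
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++) {
        struct rule *r = &policy[i];
        if (r->src != src || r->dst != dst || r->id != id)
            continue;
        if (dlc != r->dlc)
            return false;                       /* unexpected length */
        if (r->seen && (uint32_t)(now_ms - r->last_ms) < r->min_gap_ms)
            return false;                       /* faster than allowed */
        r->seen = true;
        r->last_ms = now_ms;
        return true;
    }
    return false;                               /* ID not on the allowlist */
}

int main(void)
{
    printf("%d\n", gateway_forward(BUS_BODY, BUS_POWERTRAIN, 0x3A0, 2, 1000));
    printf("%d\n", gateway_forward(BUS_BODY, BUS_POWERTRAIN, 0x123, 8, 1000));
    return 0;
}
```

A filter like this only limits what crosses between segments; devices on the same segment still share an unauthenticated bus.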
  4. Another approach. by harrkev · · Score: 4, Funny

    There is another approach. CAN traffic happens over a differential pair. I have a specially-constructed device that can jam CAN traffic. I call it a "paperclip." I bend it and plug it into both data lines on the OBD port and the network is dead.

    We need to ban these dangerous hacking paperclips.

    --
    "-1 Troll" is apparently the same as "-1 I disagree with you."
  5. Re:All of these have this flaw by Mr+D+from+63 · · Score: 4, Insightful

    Almost all of the older machine control style buses have this exact flaw. NONE of them authenticate. All of them can be MITM very easily. Most IoT systems out there are predicated on the fact that they can do this.

    You think it is bad? No, it's worse than that. I try not to think about it much.

    Doesn't bother me at all. With or without this flaw, people can sabotage your car. In this case, they have to have the technology, knowhow, access and motive to exploit the flaw. Why would they take the difficult path when there are much easier ways to F with your car?

  6. Re:All of these have this flaw by TWX · · Score: 4, Interesting

    Except that as infotainment systems get more complex and more heavily integrated with the vehicle's CANBUS system and with the Internet via cellular networks, suddenly the possibility that someone can sabotage your car without having ever come within a thousand miles of you becomes a real prospect. Now add drive-by-wire where the vehicle controls are just inputs and the computer more directly controls acceleration, braking, and even steering, and you've got a recipe for a disaster if someone figures out how to exploit all models of a manufacturer with the same flaw. Imagine if all Honda Accords with lane-departure and adaptive cruise control suddenly accelerate at full-speed for five seconds then suddenly turn fifteen degrees to the left. If an attack like that was successful it would probably hurt or kill thousands of people.

    --
    Do not look into laser with remaining eye.