WingNews logo WingNews
top | item 35651231

(no title)

mothsonasloth | 2 years ago

CAN bus is a brilliant thing for car diagnostics and modification but with every good system normally has a sword of damocles.

I would imagine my Passat which has a CAN interface on the headlight cluster would be vulnerable to this attack as well. Maybe even the bonnet sensor could be vulnerable.

Car manufacturers could remove CAN interfaces from peripheral systems (lights, wing mirrors) but they probably won't because it would make maintenance a little harder and less cost effective.

The idea of a software update by the security researchers sounds sensible but updating ECUs (engine control units), CCU (climate comfort units), infotainment systems of legacy cars will not happen.

Say goodbye to the old car thieves with their manual tools, hello techy thieves.

discuss

order

jon-wood|2 years ago

It feels like this should be manageable without completely removing CAN interfaces from peripheral systems by having multiple busses that are interconnected to each other. Things like lights and wing mirrors can sit on a low security peripheral network, with the controller rejecting any commands that aren't whitelisted, it's not like you need to be able to plug arbitrary devices into your headlight socket.

TheLoafOfBread|2 years ago

You know that it actually is whitelisted by its CAN ID, but ECU can't tell where the command came from.

zamnos|2 years ago

Given range extender attacks on key fobs for cars (and subsequent methods to defeat that attack) techy thieves have always been around.

There are rumors that the algorithm and secret key for various manufacturers has been broken, and that any car with a remote can be stolen after recording the unlock and start sequence from nearby. But if you had the code that would do that, it's not like you'd upload it to GitHub, so that rumor remains just that, a rumor.

mhandley|2 years ago

Is CAN bus actually a serial bus? If so, I wonder if it's possible to make a CAN bus jammer. Plug it in anywhere on your car, and its sole role is to detect all CAN bus messages and jam them. Add bluetooth to it, so you can switch it on and off from outside the car.

wildzzz|2 years ago

CAN is multi-master so you could just have a device on the bus that hold the line active forever.

illiarian|2 years ago

> CAN bus is a brilliant thing for car diagnostics and modification but with every good system normally has a sword of damocles.

There are over 100 issues (aka bugs) in the spec though. Uncovered by these guys: https://youtu.be/zi0rHwfiX1Q?t=1150 (starting at 19:10, includes examples)