The Controller Area Network (CAN) is a robust vehicle communication protocol that has facilitated seamless communication between Electronic Control Units (ECUs) for decades.
However, as vehicles become more connected and autonomous, securing these systems has become increasingly critical. Let’s take a dive into the vulnerabilities of CAN:
Vulnerabilities in CAN
- Lack of Built-in Security
When Bosch developed CAN in the 1980s, security was not a priority. The protocol was designed for reliability and speed, not for external threats. As a result, CAN lacks encryption, authentication, or message validation mechanisms.
- Broadcast Communication
CAN operates as a broadcast network, meaning messages are sent to all nodes on the bus. While this enables simple communication, it means any compromised device can inject malicious messages, causing malfunctions or data leaks.
- Physical Access Equals Control
Gaining physical or remote wireless access to the CAN bus via an On-Board Diagnostics (OBD-II) port allows attackers to manipulate ECUs. This can include altering engine performance, disabling brakes, or shutting off safety systems.
- Susceptibility to Replay and Injection Attacks
CAN messages do not carry timestamps or sequence numbers, making them vulnerable to replay attacks, where old commands are retransmitted. Injection attacks, where unauthorized messages are introduced, can mimic legitimate ECU signals.
- Limited Fault Isolation
A single malfunctioning ECU can flood the CAN network with error frames, overwhelming the bus and potentially leading to system-wide failures.
Securing CAN Systems
- Firewalls and Gateways: Segregate CAN networks into smaller segments to restrict unauthorized access.
- Tamper-Proof ECUs: Use ECUs with cryptographic capabilities to authenticate communication.
- Intrusion Detection Systems (IDS): Monitor CAN traffic for anomalies, unexpected patterns or repeated error frames.
- Message Authentication: Introduce security layers that validate message origins, such as cryptographic message authentication codes (MACs).
- CAN FD (Flexible Data Rate): Provides better throughput and adaptability for encryption schemes.
- Ethernet Backbones: Use Ethernet for secure, high-speed communication while relegating CAN to subsystem-specific tasks.
- Over-the-Air Updates
Regular firmware updates for ECUs can address emerging vulnerabilities, provided they are securely deployed and authenticated.
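The message-authentication item above, combined with the replay weakness described earlier, can be shown in a short sketch. This is an added example, not code from any vendor or standard: the frame layout (data, 4-byte counter, 8-byte truncated HMAC-SHA256 tag in a 16-byte CAN FD payload), the pre-shared key, the CAN IDs and the class names are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

CTR_LEN = 4  # freshness counter bytes (assumed layout)
MAC_LEN = 8  # truncated tag bytes (assumed; data + counter + tag fits CAN FD)

def _tag(key, can_id, counter, data):
    # Bind the tag to the arbitration ID and counter as well as the data, so a
    # frame cannot be replayed later or re-sent under a different ID.
    msg = struct.pack(">II", can_id, counter) + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]

class Sender:
    def __init__(self, key):
        self.key, self.counters = key, {}

    def build(self, can_id, data):
        ctr = self.counters[can_id] = self.counters.get(can_id, 0) + 1
        return data + struct.pack(">I", ctr) + _tag(self.key, can_id, ctr, data)

class Receiver:
    def __init__(self, key):
        self.key, self.last_seen = key, {}

    def verify(self, can_id, payload):
        """Return the data bytes if the frame is authentic and fresh, else None."""
        if len(payload) < CTR_LEN + MAC_LEN:
            return None
        data = payload[:-(CTR_LEN + MAC_LEN)]
        (ctr,) = struct.unpack(">I", payload[-(CTR_LEN + MAC_LEN):-MAC_LEN])
        if not hmac.compare_digest(payload[-MAC_LEN:], _tag(self.key, can_id, ctr, data)):
            return None  # injected or tampered frame
        if ctr <= self.last_seen.get(can_id, 0):
            return None  # replayed frame: counter is not newer than the last one
        self.last_seen[can_id] = ctr
        return data

def demo():
    key = b"constructed-demo-key-not-for-use"  # constructed sample key
    tx, rx = Sender(key), Receiver(key)
    data = b"\x00\x00\x01\x90"                 # constructed 4-byte signal value
    frame = tx.build(0x244, data)              # 0x244 is a constructed CAN ID
    forged = data + struct.pack(">I", 2) + bytes(MAC_LEN)  # guessed all-zero tag
    return {
        "legit": rx.verify(0x244, frame),
        "replay": rx.verify(0x244, frame),
        "forged": rx.verify(0x244, forged),
        "wrong_id": rx.verify(0x245, tx.build(0x244, data)),
    }
```

Counter rollover, counter persistence across power cycles and key provisioning are left out of this sketch and need their own design in a real ECU.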
Real-World Implications
Several high-profile demonstrations exposed CAN’s vulnerabilities. In 2015, cybersecurity researchers remotely hijacked a Jeep Cherokee, cutting its transmission and disabling its brakes.
In fleet management systems, attackers have exploited CAN weaknesses to falsify location data or interfere with vehicle telemetry. Insurance industry