The Unpatchable Bug In All Modern Cars

We have seen a number of hacks of cars including the hack of a Jeep driving down the highway at 60 miles an hour – from miles away – on 60 Minutes, but now researchers have come up with a new attack – one that cannot be patched.

The CAN bus or Controller Area Network bus, is the main communications highway in all cars built, at least, in the last 25 years.  The standard, designed in 1983 and in use since 1989 has not really changed very much since then.

In 1983 no one really worried about hackers so the bus has no security, no authentication and no encryption.

Today, almost every single car and light truck is controlled by the CAN buses in it.

Researchers from Trend Micro, Politecnico di Milano and Linklayer Labs discovered that you can overwhelm the bus with error messages.

Right now, today, the attack requires local access to your car.  That was the case with the Jeep attack – until attackers figured out how to do it remotely.

The attack injects error messages onto the bus which can, eventually, cause devices like the anti-lock brake controller or the airbag system to go offline and deactivate.  Since almost all car functions from the brakes to the engine control are computerized and attached to one of the CAN buses, if you can cause those devices to go offline, you will disable those functions.

Worse yet, without redesigning the CAN bus protocol, there is very limited remediation that car manufacturers can make.  On top of that, it is UNLIKELY that any cars currently on the road will ever be fixed because this is not a bug – it is, basically,  a feature.

SO, next time you get into your car… Well, I am not what you can do.

Information for this post came from The Hacker News.

by