The CAN bus is a vehicle standard designed to allow components to communicate with each other, it is widespread in automotive and the flaw discovered by the researchers affects a large number of vendors and vehicle models.
The messages exchanged on the CAN, including errors, are called “frames,” the researchers focused their research on how CAN handles errors.
“Our attack focuses on how CAN handles errors. Errors arise when a device reads values that do not correspond to the original expected value on a frame,” read the blog post published by Trend Micro.
“When a device detects such an event, it writes an error message onto the CAN bus in order to “recall” the errant frame and notify the other devices to entirely ignore the recalled frame. This mishap is very common and is usually due to natural causes, a transient malfunction, or simply by too many systems and modules trying to send frames through the CAN at the same time.”
According to the CAN standards, when a component flood the bus with error messages, it goes into a Bus Off state and it is cut it off from the CAN system and making it inoperable.
Abusing this feature, an attacker can force the deactivation of any system connected to the CAN, including security systems like the airbag system or the anti-lock braking system.
The attack scenario sees the attackers using a “specially-crafted attack device” that is connected via local access to the vehicle.
Experts pointed out that transportation trends like ride-sharing and carpooling could make this attack scenario feasible.
Unfortunately, this is a design flaw of the CAN bus messaging protocol used in CAN controller chips, this means that the vulnerability cannot be directly patched with an OTA (on-the-air) upgrade or by recalling the vehicles.
To fix the design flaw, it is necessary to introduce changes in the CAN standards.
The researchers recommended manufacturers to implement network countermeasures to mitigate such attacks:
“Car manufacturers can only mitigate the attack we demonstrated by adopting specific network countermeasures, but cannot eliminate it entirely,” the researchers said.
“To eliminate the risk entirely, an updated CAN standard should be proposed, adopted, and implemented. This whole process would likely require another generation of vehicles.”