Report: Modern cars' components can be hacked

By Allen Cone   |   Aug. 16, 2017 at 3:23 PM
share with facebook
share with twitter
| License Photo

Aug. 16 (UPI) -- Modern cars' electronic components, including safety features, are susceptible to hacks from individuals with physical access, according to researchers.

Researchers from Politecnico di Milano, Linklayer Labs and Trend Micro's Forward-looking Threat Research team produced information and an advisory was posted earlier this month by the U.S. Department of Homeland Security's National Cybersecurity and Communications Integration Center and Industrial Control Systems Cyber Emergency Response Team.

"NCCIC/ICS-CERT is aware of a public report of a vulnerability in the Controller Area Network Bus standard with proof-of-concept exploit code affecting CAN Bus, a broadcast based network standard," the agency said.

CAN Bus protocol is a three-decade-old networking layout in which components issue commands to one another. Manufacturing, healthcare, public health and transportation systems sectors use the system, according to the agency.

The system communicates through data of zeros, indicating the transmission of an electric current, and ones, where no current is transmitted. Repeated error messages can transmitted to never turn off the current and it will shut off after too many of them.

"If someone was to install an aftermarket part that had been tampered with, they could set off a denial of service attack that is stealthy," Trend Micro Senior Threat Researcher Federico Maggi, who worked on this project with Andrea Palanca, Eric Evenchick and Stefano Zanero, told The Hilll.

For example, the engine could turn up the stereo's volume during acceleration to keep the radio audible over increased noise.

"Successful exploitation of the vulnerability on an automobile may allow an attacker with physical access and extensive knowledge of CAN to reverse engineer network traffic to perform a DoS attack disrupting the availability of arbitrary functions of the targeted device," ICS-CERT said.

ICS-CERT said it is working with vendors and security researchers to identify mitigations.

Maggi sees no patch to fix the problem but people need to be cautious about who is given access to their cars.

Related UPI Stories
Trending Stories