Unpatchable Flaw Affects Most of Today's Modern Cars

[LASER_oneXM]

A flaw buried deep in the hearts of all modern cars allows an attacker with local or even remote access to a vehicle to shut down various components, including safety systems such as airbags, brakes, parking sensors, and others.

The vulnerability affects the CAN (Controller Area Network) protocol that's deployed in modern cars and used to manage communications between a vehicle's internal components.

It will take a new generation of cars to patch the flaw
The flaw was discovered by a collaborative effort of Politecnico di Milano, Linklayer Labs, and Trend Micro's Forward-looking Threat Research (FTR) team.

Researchers say this flaw is not a vulnerability in the classic meaning of the word. This is because the flaw is more of a CAN standard design choice that makes it unpatchable.

Patching the issue means changing how the CAN standard works at its lowest levels. Researchers say car manufacturers can only mitigate the vulnerability via specific network countermeasures, but cannot eliminate it entirely.

"To eliminate the risk entirely, an updated CAN standard should be proposed, adopted, and implemented," researchers say. "Realistically, it would take an entire generation of vehicles for such a vulnerability to be resolved, not just a recall or an OTA (on-the-air) upgrade."

The vulnerability researchers describe is a denial of service attack. The issue can be exploited with local access by default, but if any of the car's components contains a remotely-exploitable flaw, then the CAN vulnerability can also be exploited from a remote location.

Below is an explanation of how the vulnerability works:

CAN messages, including errors, are called “frames.” Our attack focuses on how CAN handles errors. Errors arise when a device reads values that do not correspond to the original expected value on a frame. When a device detects such an event, it writes an error message onto the CAN bus in order to “recall” the errant frame and notify the other devices to entirely ignore the recalled frame. This mishap is very common and is usually due to natural causes, a transient malfunction, or simply by too many systems and modules trying to send frames through the CAN at the same time.

If a device sends out too many errors, then—as CAN standards dictate—it goes into a so-called Bus Off state, where it is cut off from the CAN and prevented from reading and/or writing any data onto the CAN. This feature is helpful in isolating clearly malfunctioning devices and stops them from triggering the other modules/systems on the CAN.

This is the exact feature that our attack abuses. Our attack triggers this particular feature by inducing enough errors such that a targeted device or system on the CAN is made to go into the Bus Off state, and thus rendered inert/inoperable. This, in turn, can drastically affect the car’s performance to the point that it becomes dangerous and even fatal, especially when essential systems like the airbag system or the antilock braking system are deactivated.

 

[Solarquest]

Bad news.. the car industry it will take forever to solve it unless it is forced (by law, public pressure) to do but I hope to be wrong.

 

[Entreri]

Interesting. Remote hacking is concerning.

As for criminals, even the most expensive cars with the latest defenses can be towed away and shipped to the M.E for sale.