{"id":4352,"date":"2017-08-18T07:43:54","date_gmt":"2017-08-18T02:13:54","guid":{"rendered":"https:\/\/qadit.com\/blog\/?p=4352"},"modified":"2017-08-18T07:43:54","modified_gmt":"2017-08-18T02:13:54","slug":"unpatchable-flaw-in-modern-cars-allows-hackers-to-disable-safety-features","status":"publish","type":"post","link":"https:\/\/qadit.com\/blog\/unpatchable-flaw-in-modern-cars-allows-hackers-to-disable-safety-features\/","title":{"rendered":"Unpatchable Flaw in Modern Cars Allows Hackers to Disable Safety Features"},"content":{"rendered":"
<\/p>\n
\n
\n

\nToday, many automobiles companies are offering vehicles that run on the mostly drive-by-wire system, which means a majority of car’s functions\u2014from instrument cluster to steering, brakes, and accelerator\u2014are electronically controlled.\n<\/p>\n

\nNo doubt these auto-control systems make your driving experience much better, but at the same time, they also increase the risk of getting hacked.\n<\/p>\n

\nCar Hacking is a hot topic, though it is not new for security researchers who hack cars. A few of them have already demonstrated how to hijack a car remotely, how to disable car’s crucial functions like airbags, and even how to remotely steal cars.\n<\/p>\n

\nNow, security researchers have discovered a new hacking trick that can allow attackers to disable airbags and other safety systems of the connected cars, affecting a large number of vendors and vehicle models.\n<\/p>\n

\nA team of researchers from Trend Micro’s Forward-looking Threat Research (FTR) team, in collaboration with Politecnico di Milano and Linklayer Labs, discovered a critical security vulnerability in the CAN (controller area network) protocol that car components use to communicate to one another within the car’s network.<\/p>\n

\nHackers Can Remotely Take Control of Smart Cars<\/h3>\n

\nInitially developed in 1983 and put into production in 1989, the CAN standard manages the majority of the electrical subsystems and control units found in a significant number of modern smart cars.\n<\/p>\n

\nIf exploited, the vulnerability could eventually allow attackers to turn off crucial safety functions of a vehicle, such as airbags, power-steering, parking sensors, and the anti-lock brakes\u2014or almost any computerised component that’s connected to the car’s CAN bus.\n<\/p>\n

\nSince the CAN standard is being used in “practically every light-duty vehicle currently in circulation today,” the fundamental security flaw affects all modern, internet-connected vehicles, rather than just a particular vendor.<\/p>\n

\nHow Your Smart Car Can Get Hacked?<\/h3>\n

\nThe hack particularly targets the messaging system in CAN, in which messages, including errors, are called “frames.”<\/p>\n

\n“Our attack focuses on how CAN handles errors. Errors arise when a device reads values that do not correspond to the original expected value on a frame,” Trend Micro researcher Federico Maggi writes in a blog post.<\/p><\/blockquote>\n

\n“When a device detects such an event, it writes an error message onto the CAN bus in order to “recall” the errant frame and notify the other devices to entirely ignore the recalled frame.”<\/p><\/blockquote>\n

\nBy overloading the system with error messages, attackers can make a device to go into a Bus Off state, cutting it off from the greater CAN system and making it inoperable.\n<\/p>\n

\nThis, in turn, allows attackers to deactivate essential systems like the airbag system or the anti-lock braking system, which could result in dangerous and even fatal situations.\n<\/p>\n

\nThe attack requires a “<\/p>\n

specially-crafted attack device<\/i><\/p>\n

” to be introduced via local access, which is only possible if the attacker has access to your vehicle.\n<\/p>\n

\nHowever, researchers believe that current transportation trends like ride-sharing, carpooling, and car renting have made the scenario much easier.<\/p>\n

\nIt’s a Design Flaw \u2014 Can’t Be Patched!<\/h3>\n

\nSince the vulnerability exists in the design of the CAN bus messaging protocol used in CAN controller chips, the issue can not be directly patched with an OTA (on-the-air) upgrade or dealer recall.\n<\/p>\n

\nPatching this design flaw requires changes in the CAN standards and an entire generation of vehicles using this specification. So, unfortunately, there is no remedy to the problem yet.\n<\/p>\n

\nHowever, the researchers recommended car manufacturers to adopt some network countermeasures, which would mitigate such attacks, but not entirely.\n<\/p>\n

\n
\n“Car manufacturers can only mitigate the attack we demonstrated by adopting specific network countermeasures, but cannot eliminate it entirely,” the researchers said.<\/p><\/blockquote>\n

\n
\n“To eliminate the risk entirely, an updated CAN standard should be proposed, adopted, and implemented. This whole process would likely require another generation of vehicles.”<\/p><\/blockquote>\n

\nResearchers also suggest car makers even to consider adding a layer of encryption to the CAN bus protocol that will make messages harder to mimic, as part of a long-term security solution.<\/p>\n<\/div>\n<\/div>\n<\/div>\n

Read the Full Article here: >The Hacker News [ THN ]<\/a><\/b><\/p>\n","protected":false},"excerpt":{"rendered":"

Today, many automobiles companies are offering vehicles that run on the mostly drive-by-wire system, which means a majority of car’s functions\u2014from instrument cluster to steering, brakes, and accelerator\u2014are electronically controlled. No doubt these auto-control systems make your driving experience much better, but at the same time, they also increase the risk of getting hacked. Car … <\/p>\n

Continue reading “Unpatchable Flaw in Modern Cars Allows Hackers to Disable Safety Features”<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[12],"tags":[293],"class_list":["post-4352","post","type-post","status-publish","format-standard","hentry","category-itsec","tag-wonder-information"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9AH7Q-18c","_links":{"self":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/4352","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/comments?post=4352"}],"version-history":[{"count":1,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/4352\/revisions"}],"predecessor-version":[{"id":4353,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/4352\/revisions\/4353"}],"wp:attachment":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/media?parent=4352"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/categories?post=4352"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/tags?post=4352"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}