Security researchers hack automotive CAN network

This entry was posted on Wednesday, August 3rd, 2016.

White hat security researchers Charlie Miller and Chris Valasek have once again hacked a 2014 Jeep Cherokee, this time plugging a laptop directly into the vehicle’s CAN network via a port under the dashboard.

“Instead of merely compromising one of the so-called electronic control units or ECUs on a target car’s CAN network and using it to spoof messages to the car’s steering or brakes, they also attacked the ECU that sends legitimate commands to those components, which would otherwise contradict their malicious commands and prevent their attack,” explained Wired’s Whitney Curtis. “By putting that second ECU into ‘bootrom’ mode—the first step in updating the ECU’s firmware that a mechanic might use to fix a bug—they were able to paralyze that innocent ECU and send malicious commands to the target component without interference.”

This technique allowed Miller and Valasek to take control of the parking brake, forcing it to activate at any speed. Another vulnerability discovered in the steering module ECU enabled the duo to “lock” the wheel into place – resisting driver attempts to turn it, although Miller and Valasek were able to digitally turn the wheel themselves. In yet another attack that didn’t require ECU bootrom mode, the security researchers managed to alter the settings on the Jeep’s cruise control and accelerate by tens of miles per hour in just a few seconds.

“Last year, we showed you can remotely send CAN messages. This year, we sent them plugged into the car. This is a new class of attacks against CAN messages. It’s an easy attack,” Miller told DarkReading. “[For example], we can permanently lock the electronic parking brake so it’s permanently immobilized. Even if you restarted the car, the parking brake would be on and you would not be able to drive anywhere. We disabled all aspects of steering, so it’s super-hard to turn the wheel and even harder if you drive the car without steering [capability] at any speed.”

It should also be noted that Miller told The Register the attacks could be carried out “using a concealed device which either contains automated and timed commands, or with remote attacks over a wireless link.”
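From a defender's side, the pattern described above (one ECU silenced while frames for the component it normally commands keep arriving) shows up as a timing change on the bus. The following is an added example, not code from the researchers or from this post: a timing-baseline monitor over candump-style log lines. The CAN IDs, intervals and thresholds are constructed for illustration and are assumptions, not values from the Jeep.

```python
from collections import defaultdict
from statistics import median

def parse(line):
    """Parse one candump -L style line: '(ts) iface ID#HEXDATA'."""
    ts, _iface, frame = line.split()
    can_id, _, data = frame.partition("#")
    return float(ts.strip("()")), int(can_id, 16), bytes.fromhex(data)

def learn_periods(frames):
    """Median inter-arrival time per arbitration ID, from a known-good capture."""
    last, gaps = {}, defaultdict(list)
    for ts, can_id, _ in frames:
        if can_id in last:
            gaps[can_id].append(ts - last[can_id])
        last[can_id] = ts
    return {can_id: median(g) for can_id, g in gaps.items()}

def detect(frames, periods, end_ts, slow=3.0, fast=0.5):
    """Return {(can_id, kind)}: 'silent' = periodic ID stopped, 'burst' = too fast."""
    alerts, last = set(), {}
    for ts, can_id, _ in frames:
        period = periods.get(can_id)
        if period is None:
            continue  # no baseline for this ID; not judged here
        gap = ts - last[can_id] if can_id in last else period
        if gap > slow * period:
            alerts.add((can_id, "silent"))
        elif gap < fast * period:
            alerts.add((can_id, "burst"))
        last[can_id] = ts
    for can_id, period in periods.items():
        # Never seen, or not seen again before the capture ended.
        if end_ts - last.get(can_id, float("-inf")) > slow * period:
            alerts.add((can_id, "silent"))
    return alerts

def line(ts, can_id, data="00"):
    return f"({ts:.6f}) can0 {can_id:03X}#{data}"

# Constructed captures; 0x2B0 (command) and 0x2B1 (status) are hypothetical IDs.
BASELINE = [line(i * 0.10 + off, cid) for cid, off in ((0x2B0, 0), (0x2B1, 0.05)) for i in range(20)]
# Status frames stop at 0.45 s; command frames then arrive every 10 ms instead of 100 ms.
SUSPECT = BASELINE[:5] + BASELINE[20:25] + [line(0.50 + i * 0.01, 0x2B0, "FF") for i in range(100)]

if __name__ == "__main__":
    periods = learn_periods(sorted(map(parse, BASELINE)))
    for can_id, kind in sorted(detect(sorted(map(parse, SUSPECT)), periods, end_ts=1.5)):
        print(f"0x{can_id:03X}: {kind}")
```

A sender that matches the baseline interval exactly would not trip the burst check, which is why the silence check on the other IDs of the same ECU matters.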

As we’ve previously discussed on Rambus Press, layers of security are necessary to protect vulnerable automotive systems, preferably starting with a hardware-based root of trust and advanced isolation mechanisms that offer uncompromising protection against various forms of attack. Industry collaboration is also important, because one single company cannot fix automotive security by itself. While a more cooperative, comprehensive approach to automotive security is technologically possible, the industry clearly has a long way to go in terms of implementation.