Hackable flaw in connected cars is ‘unpatchable’, warn researchers [source: nakedsecurity]
by CIRT Team
The news for the motoring public was bad enough a few weeks ago: a team of researchers had demonstrated yet another hackable flaw in connected vehicles – in the Controller Area Network (CAN) bus standard – that could enable a Denial of Service (DoS) attack on safety systems including brakes, airbags and power steering.
Kind of a big deal, since the CAN is essentially the brain of the car – it handles a vehicle’s internal communication system of electronic control units (ECUs), which, the researchers noted, “is driven by as much as 100,000,000 lines of code”.
And the news got worse this past week, with word that the flaw – which applies to virtually every modern car, not just a single brand or model – is unfixable. As Bleeping Computer put it, “this flaw is not a vulnerability in the classic meaning of the word … (It) is more of a CAN standard design choice that makes it unpatchable.” To patch it would require “changing how the CAN standard works at its lowest levels”.
Accomplishing a redesign that would eliminate the flaw, the researchers concluded in their paper, titled “A Stealth, Selective Link-Layer Denial-of-Service Attack Against Automotive Networks”, would take an entire generation of vehicles.