Published on August 21st, 2017 | by Daniel Sherman Fernandez0
Hackers can shut down your high tech car NOW!
Driving a simple older car might not a bad thing today after all as new evidence has come to light that a new software flaw now affects nearly all modern cars and it allows computer hackers to remotely access and shut down safety features in your new high tech car.
This software bug, which security experts have described as a “denial of service attack” can allow hackers to disable cars’ safety systems including airbags, brakes, parking sensors and much more.
The vulnerability affects the Controlled Area Network (CAN) protocol, available in almost all modern cars, which is used to oversee communications between a car’s internal units. Since the vulnerability is essentially a design flaw affecting the CAN protocol, it cannot be patched. The CAN protocol, which became the ISO standard in 1993, was developed by Bosch in 1983 and is deployed in almost all modern cars.
Researchers say that current technology can only allow car manufacturers to mitigate the attack with limits but that the attack cannot be entirely eliminated. A new generation of cars would have to be developed to patch the flaw comprehensively. Even more worrying, a simple recall will not work.
This particular car hacking technique is not similar to those previously seen. To conduct the attack, hackers would need a customized device that can connect to the car’s CAN via open ports. Instead of injecting malicious code into the CAN network, the attack targets how the CAN responds to error messages.
Researchers explained that when the CAN protocol receives too many error messages it goes into a “so-called Bus Off state,” disconnecting the device from CAN.
This, in turn, can drastically affect the car’s performance to the point that it becomes dangerous and even fatal, especially when essential systems like the airbag system or the antilock braking system are deactivated.
All it takes is a specially-crafted attack device, introduced to the car’s CAN through local access, and the reuse of frames already circulating in the CAN rather than injecting new ones.
WE will continue to drive our old and simple cars (which have no more monthly payments tied to them) and be safe.