As if having to worry about your computer or phone getting hacked wasn’t daunting enough, researchers have found that you have to add another one to the list: your car. Researchers at Trend Micro have discovered a vulnerability that can be exploited on the majority of cars out on the market. The vulnerability uses the CAN(Controlled Area Network) standard as a vector meaning it does not discriminate between make or model of the car. A targeted attack can potentially disable many safety features in a vehicle.
The CAN standard is a protocol adopted by car manufacturers and implemented in road vehicles since 1986. CAR is responsible for overseeing cars internal communications between its components. The way the attack works is by bombarding a specific component within the CAN network with error messages. The overload of error prompts will then cause the respective device to shut down. The vulnerability could allow hackers to disable various features security features like air bags, door locks, anti-lock breaks. In essence, it is a DDoS attack on a car.
To perform the attack, the would hacker requires having access to the car’s network. This can be done through a device connected locally to the car or. The most alarming thing about this vulnerability is that there is no way to patch it at the moment. This is because the vulnerability is based on a design flaw of the CAN standard. Car manufacturers can only provide some network countermeasures that will mitigate the attacks.