Cisco Unveils Security Testing for Automotive CAN Bus

In 2015 Fiat-Chrysler recalled 1.4 million cars, due to a code vulnerability that allowed remote attackers to take control of Chrysler cars sporting the UConnect infotainment system -- including disabling brakes, transmission and other critical systems. The recall was the first of its kind, and highlighted the unique threat posed by insecure Internet of Things (IoT) systems that control physical systems and machinery.

At the heart of the issue is the controller area network (CAN) bus, a two-wire, multi-master serial bus used in automobiles to link various systems, sensors and devices, ranging from interior and exterior lights to radio controls to critical systems like brakes, airbags and transmission. The problem: The CAN bus was never intended to be secure, and certainly never intended to be exposed to public networks as it could be with the UConnect code flaw allowing connection via the Sprint cellular network.

Now a team in the Connected Vehicle Security (CVS) practice at Cisco has released 4CAN, an open-source hardware and software tool that lets car manufacturers and others test on-board computers for vulnerabilities over the CAN bus. The 4CAN project has four goals, according to the company:

  • Validate communication policy for intra-CAN bus communication.
  • Fuzz test components to identify potential code vulnerabilities.
  • Explore CAN commands used to control and interact with vehicles.
  • Simplify the testbench setup to ease testing and configuration.

The 4CAN hardware streamlines testing by integrating four CAN channels on a single Raspberry Pi device, using a 40-pin GPIO header to remotely control test vehicles. The 4CAN solution is a big improvement on past implementations, which required wiring three CAN devices to test four CAN buses simultaneously -- a setup the product team described in a blog post as "a bit unwieldy, requiring lots of wires making connection tracking and test aggregation difficult."

4CAN can be inserted between the CAN bus and an electronic control unit (ECU) to capture traffic and determine whether an ECU is sending or receiving messages. It can also modify traffic to perform a man-in-the-middle attack. The system can also sniff inter-CAN communications, sending CAN messages with known payloads onto one CAN bus and comparing them to the same messages received on a different CAN bus. This can determine whether a CAN gateway is filtering or modifying messages.
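The gateway check described above, as an added Python example that is not part of the article or of the 4CAN project: known frames injected on one bus are compared with what shows up on the other bus, and each frame is classified as forwarded, modified or filtered. It assumes candump-style text lines (the samples here are constructed) rather than live CAN hardware.

```python
"""Classify how a CAN gateway handles frames injected on one bus by comparing
them with the frames observed on a second bus (constructed sample data)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class CanFrame:
    can_id: int   # 11-bit or 29-bit arbitration ID
    data: bytes   # 0..8 payload bytes for classic CAN


def parse_candump(line: str) -> CanFrame:
    """Parse a candump-style line such as 'can0 123#DEADBEEF' into a CanFrame."""
    _iface, frame = line.split()
    id_hex, data_hex = frame.split("#", 1)
    return CanFrame(int(id_hex, 16), bytes.fromhex(data_hex))


def classify_gateway(sent, received):
    """Return (verdicts, unexpected_ids).

    verdicts maps each sent frame to 'forwarded' (same ID and payload seen on
    the other bus), 'modified' (same ID, different payload) or 'filtered'
    (ID never crossed the gateway). unexpected_ids are IDs seen on the far
    bus that were never injected, i.e. background traffic to investigate.
    """
    seen = defaultdict(set)
    for f in received:
        seen[f.can_id].add(f.data)
    verdicts = {}
    for f in sent:
        if f.data in seen.get(f.can_id, set()):
            verdicts[f] = "forwarded"
        elif f.can_id in seen:
            verdicts[f] = "modified"
        else:
            verdicts[f] = "filtered"
    unexpected = set(seen) - {f.can_id for f in sent}
    return verdicts, unexpected


# Constructed sample captures: frames we put on bus A, frames seen on bus B.
SENT_ON_BUS_A = ["can0 123#DEADBEEF", "can0 1A0#0102", "can0 7DF#0201050000000000"]
SEEN_ON_BUS_B = ["can1 123#DEADBEEF", "can1 1A0#0100", "can1 3C0#FF"]


def report():
    sent = [parse_candump(l) for l in SENT_ON_BUS_A]
    received = [parse_candump(l) for l in SEEN_ON_BUS_B]
    return classify_gateway(sent, received)
```

Running `report()` on the samples shows ID 0x123 forwarded unchanged, 0x1A0 rewritten by the gateway, the diagnostic request 0x7DF blocked, and 0x3C0 appearing on the far bus without being injected.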

The 4CAN project can be found on GitHub.

About the Author

Michael Desmond is an editor and writer for 1105 Media's Enterprise Computing Group.
