Cisco Unveils Security Testing for Automotive CAN Bus
In 2015 Fiat-Chrysler recalled 1.4 million cars, due to a code vulnerability that allowed remote attackers to take control of Chrysler cars sporting the UConnect infotainment system -- including disabling brakes, transmission and other critical systems. The recall was the first of its kind, and highlighted the unique threat posed by insecure Internet of Things (IoT) systems that control physical systems and machinery.
At the heart of the issue is the controller area network (CAN) bus, a two-wire, multi-master serial bus used in automobiles to link various systems, sensors and devices, ranging from interior and exterior lights to radio controls to critical systems like brakes, airbags and transmission. The problem: The CAN bus was never intended to be secure, and certainly never intended to be exposed to public networks as it could be with the UConnect code flaw allowing connection via the Sprint cellular network.
Now a team in the Connected Vehicle Security (CVS) practice at Cisco has released 4CAN, an open-source, hardware and software tool that lets car manufacturers and others test on-board computers for vulnerabilities over the CAN bus. The 4CAN project has four goals, according to the company:
- Validate communication policy for intra-CAN bus communication.
- Fuzz test components to identify potential code vulnerabilities.
- Explore CAN commands used to control and interact with vehicles.
- Simplify the testbench setup to ease testing and configuration.
The 4CAN hardware streamlines testing by integrating four CAN channels on a single Raspberry Pi device, using a 40-pin GPIO header to remotely control test vehicles. The 4CAN solution is a big improvement on past implementations, which required wiring three CAN devices to test four CAN buses simultaneously -- a setup the product team described in a blog post as "a bit unwieldy, requiring lots of wires making connection tracking and test aggregation difficult."
4CAN can be inserted between the CAN bus and an electronic control unit (ECU) to capture traffic and determine if an ECU is sending or receiving messages. It can also modify traffic to perform a man-in the-middle attack. The system can also sniff inter-CAN communications, sending CAN messages with known payloads onto one CAN bus and comparing them to the same messages received on a different CAN bus. This can determine if a CAN gateway is filtering or modifying messages.
The 4CAN project can be found on Git hub.
About the Author
Michael Desmond is an editor and writer for 1105 Media's Enterprise Computing Group.