Technology has invaded our daily lives and is becoming more and more deeply rooted, often without our being aware of it. Our cars are a clear example of such a scenario, where we are increasingly dependent on this technology.
A recent finding has shown that there is a serious flaw in a protocol used on almost every modern car that could jeopardize occupant safety. In case of attack several security and control systems are turned off without any warning.
The CAN (Controlled Area Network) is a protocol used in modern cars and whose mission is to control communications between different systems, ensuring that they interact and provide all the information.
A group of investigators has now discovered a flaw in CAN design and allows any attacker to perform a denial of service, causing these systems to fail to communicate and shut down as expected.
The way to carry out this attack is to give orders to the CAN, purposely failed, leading to the appearance of error messages in the system. As your drawing has been defined it should turn off if a large volume of these messages appears, the attack happens to be successful.
The bigger problem, besides the failure itself and the possible attack, is in the impossibility of updating of the whole modern car park. It is almost impossible for brands to collect their vehicles and update them. To make matters worse, the CAN itself will need to be redesigned and this failure mitigated.
The researchers believe that it will take several decades to wait for all affected vehicles to be withdrawn from the market so that this failure is resolved, not actively.
This is just another flaw that has been discovered that affects systems where we think we cannot be attacked. Increasingly, and partly because of IoT, we become aware that the systems we use are vulnerable and that we, the users, are exposed to security problems and failures.