U.S. Cybersecurity Agency Identifies and Adds Six Exploited Vulnerabilities to Known Flaws Catalog
U.S. Cybersecurity Agency Identifies and Adds Six Exploited Vulnerabilities to Known Flaws Catalog
One such vulnerability is the Controller Area Network (CAN) bus, a communication protocol that allows various components of a car's system to communicate with one another.
Thieves are increasingly using CAN injection hacks to steal cars, according to a report by the National Insurance Crime Bureau (NICB). These attacks involve manipulating the data sent through the CAN bus to take control of a vehicle's systems. This allows the attackers to disable the car's security measures, such as the immobilizer or alarm system, and start the engine without a key.
One of the most common methods of CAN injection is through a physical device that connects to the OBD-II port, a diagnostic port that is present in all modern cars. The device can be easily purchased online, and once plugged in, it allows the attacker to send commands to the car's computer system. This type of attack is particularly concerning because it does not require the attacker to have any physical access to the car, making it an attractive option for car thieves.
Another method of CAN injection is through malware that infects a car's computer system. This type of attack is more difficult to carry out, as the attacker needs to find a way to introduce the malware into the car's system. However, once the malware is in place, it can be used to take control of the car's systems remotely.
The NICB report highlights several examples of CAN injection attacks that have occurred in recent years. In one case, a thief stole a Jeep Grand Cherokee using a physical device plugged into the OBD-II port. The thief was able to start the engine remotely and drive away without a key. In another case, a group of thieves used malware to steal over 100 cars in the Chicago area. The attackers were able to take control of the cars' systems and disable their alarms and immobilizers.
The rise in CAN injection attacks is a worrying trend in the world of cybercrime. As cars become more connected, the potential for attacks on their computer systems increases. The NICB report warns that "as vehicles become more reliant on technology, they also become more vulnerable to cyber-attacks."
Car manufacturers have been working to address these vulnerabilities by implementing better security measures in their vehicles. However, it is a difficult task, as the vast number of different car models and systems makes it challenging to create a one-size-fits-all solution. In the meantime, car owners can take steps to protect themselves from CAN injection attacks. One option is to install a physical lock on the OBD-II port, which can prevent attackers from plugging in a device. Car owners should also be cautious about downloading software updates or connecting their cars to unsecured Wi-Fi networks, as these can provide an entry point for malware.
In conclusion, the rise of CAN injection attacks is a significant concern for car owners and the automotive industry as a whole. As technology continues to advance, it is likely that cybercriminals will find new ways to exploit vulnerabilities in cars' computer systems. However, by taking steps to protect themselves, car owners can reduce the risk of falling victim to these attacks. It is essential for car manufacturers to continue to invest in improving the security of their vehicles to stay ahead of cybercriminals' tactics.
