The CAN Protocol Vulnerability Challenge
Recent research has highlighted a significant vulnerability in the Controller Area Network (CAN) protocol that enables denial of service (DoS) attacks to bypass CAN-based intrusion detection systems. This finding has prompted discussions within the automotive cybersecurity community about the need for fundamental changes to vehicle communication architectures.
While acknowledging the validity of the identified vulnerability, some industry experts argue that completely replacing or modifying the CAN protocol represents an overly aggressive response. The substantial investment already made in CAN-based vehicle platforms, including models currently in design and production, makes a full protocol overhaul impractical for most manufacturers.
A Practical Approach Through ECU Hardening
An alternative approach focuses on hardening the electronic control units (ECUs) that serve as the vehicle’s external attack surface. By securing these externally connected ECUs to only permit operations matching their factory defined behavior, malicious actors are prevented from injecting unauthorized CAN commands even if they gain initial access to a vehicle’s systems.
This ECU hardening strategy can be implemented through autonomous security solutions that enforce legitimate function calling graphs. Any deviation from the approved operational parameters is immediately detected as a potential compromise, triggering automatic blocking and reporting of the threat. Critically, this approach can be retrofitted to vehicles already on the road through software updates, avoiding the need for hardware changes or protocol modifications while still providing robust protection against CAN based attacks.
Source: Karambasecurity
