Unpatchable flaw discovered in car CAN standard

Posted on Thursday, August 17 2017 @ 15:31 CEST by Thomas De Maesschalck
Trend Micro warns about the crisis of connected cars: the ubiquitous CAN standard suffers from a design flaw that makes most modern cars vulnerable to attacks. Car makers can mitigate the attack, but it can't be fully eliminated because it's a design vulnerability within the CAN standard itself. Check out their full post for more details.
Often, many car hacking proof-of-concepts and vulnerabilities are disregarded because they require having local access to the car. First, our attack can be enabled with any remotely exploitable vulnerability that allows the attacker to reprogram the firmware of an ECU (e.g., the infotainment system). Secondly, even local attacks should be taken seriously. Traditionally, the scenario in which an attacker could access a car that way is not only rare, but is also very risky to the attacker. This may have been true back then, but with current transportation trends such as ride-sharing, carpooling, and car renting, the scenario where many people can have local access to the same car is now more commonplace. As such, a paradigm shift in terms of vehicle cybersecurity must happen.

