CANCAN: CAN-IN-CAN Attack for Bypassing Security

CANCAN: CAN-IN-CAN Attack for Bypassing Security - “Don’t look at the ‘CANCAN’ (Hebrew: pitcher), look at what’s contained inside” is a Hebrew idiom, equivalent to the English idiom “Don’t judge a book by its cover”.

The Controller Area Network (CAN) bus protocol allows communication between various components inside most modern-day vehicles. The introduction of the new Controller Area Network Flexible Data-Rate (CAN-FD) protocol allows for faster communication with a larger number of data bytes per message. As these protocols are used for passing critical messages between different components, many attacks were found, and many security measures were proposed to solve or restrict them.

In this talk, a new way of compromising systems utilizing the CAN-FD protocol is presented. By introducing a crafted CAN-FD message encapsulating a legal CAN or CAN-FD message, components could potentially be made to accept the encapsulated internal message instead of the external message that was, in fact, sent on the bus. Furthermore, this talk will show how existing security solutions do not mitigate this attack and will propose effective mitigation solutions against it.

PRESENTER:

Matan Ziv is a Principal Cyber Security Researcher at Cymotive Technologies specializing in vulnerability research. Matan has over 15 years of experience in the embedded security field. His work for the last 8 years has been focused on automotive security, firmware binary analysis and tool development. As part of his contribution to the research community he has developed an open-source IDA plugin tool called "Oregami", helping with the handling of information flow through registers in the disassembly code of embedded systems.