Page 17 - Cyber Defense eMagazine - November 2017
P. 17

WHAT IS OLD IS NEW AGAIN



               NEW APPLICATION FOR OLD ATTACK

               by DRP; Cybersecurity Lab Engineer


               Vehicle  security  assessment  (car  hacking)  being  in  earnest  three  to  four  years  ago.  The
               momentous occasion most associated with this was the Jeep attack (Greenberg, 2017). This
               has  been  well  publicized  in  the  print  media,  social  media,  YouTube,  and  many  other
               placements. This act of research truly opened the eyes of not just the public, but also politicians
               and InfoSec personnel.

               One area that continues to be an issue is with connect vehicles being vulnerable due to several
               factors, one of which is the link to the internet. This link has the potential to open a door widely
               to the vehicle, allowing the knowledgeable attacker the opportunity to exploit any vulnerabilities,
               both openly known and not yet well publicized. A recent vehicle attack was presented at the
               DIVMA security conference in Bonn, Germany (Greenberg, 2017).

               Vulnerability

               This particular attack is focused on the vehicle’s internal network and CAN. In effect, this takes
               the form of a DoS attack. This is present in the vehicles manufactured for years. Unfortunately,
               the attack and vulnerability is nearly a universal problem. The fundamental security issue for this
               attack is the CAN protocol. This allows for the vehicle’s components to communicate with each
               other  within  the  vehicle’s  network.  This  was  designed  for  this  and  is  within  the  standard
               operations. With the current level of technology with the vehicles, this attack is nearly impossible
               to detect.

               The  technology  in  the  vehicles  which  are  in  service  at  this  time  are  not  designed  to  defend
               against this  (Maggi,  2017). To  defend  against  the  DoS  attack  seemingly  would  not  require  a
               massive integration and a multitude of change orders. An issue within  this implementation is
               finding  the  application(s)  that  may  work  in  this  environment,  completing  successful  proof  of
               concept,  and  then  implementing  this  within  each  OEM’s  platform.  With  the  level  of
               administration and planning with this application, having this be an integral part of the vehicle’s
               technology platform may require this being planned on with the next generation.

               Attack

               The  issue  is  with  the  CAN  standard  itself  (Maggi,  2017).  This  particular  attack  works  a  bit
               different than the normal DoS attack that has plagued victims through the IoT botnet army. The
               attack seeks a frame, or basic unit of communication. Once this is identified, the attacker would
               insert its own frame with a corrupted bit. This corrupted bit is substituted for another bit already
               present in the communication channel. The targeted vehicle component recognizes the bit is not
               correct, as it has been corrupted by the attacker.



                   17    Cyber Defense eMagazine – November 2017 Edition
                         Copyright © 2017, Cyber Defense Magazine,  All rights reserved worldwide.
   12   13   14   15   16   17   18   19   20   21   22