Page 18 - Cyber Defense eMagazine - November 2017
The CAN protocol issues an error message to recall the message with the intentionally incorrect
bit. These steps are repeated, and the substantial number of errors creates a Bus Off state. In
theory, this mechanism lets the protocol isolate a malfunctioning device, which stops a
cascade of other devices failing after the initial one. Here, the increase in the number of
errors is what creates the Bus Off state.
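The error counting behind the Bus Off state can be replayed offline. The following is an added example, not code from the article or its sources; it models only the transmit error counter using the thresholds from the CAN specification, and the module names, the sample log and the triage heuristic are assumptions made for illustration.

```python
# Added example, not from the article. Transmit-side fault confinement from
# the CAN specification: TEC += 8 per transmit error, TEC -= 1 per success,
# error-passive above 127, Bus Off above 255. Receive counters are not modelled.
ERROR_ACTIVE, ERROR_PASSIVE, BUS_OFF = "error-active", "error-passive", "bus-off"

class Node:
    def __init__(self, name):
        self.name, self.tec = name, 0

    @property
    def state(self):
        if self.tec > 255:
            return BUS_OFF
        return ERROR_PASSIVE if self.tec > 127 else ERROR_ACTIVE

    def transmit(self, ok):
        if self.state == BUS_OFF:
            return                      # a Bus Off node no longer transmits
        self.tec = max(0, self.tec - 1) if ok else self.tec + 8

def replay(events):
    """Replay (node_name, transmit_ok) events; return (nodes, state_changes)."""
    nodes, changes = {}, []
    for i, (name, ok) in enumerate(events):
        node = nodes.setdefault(name, Node(name))
        before = node.state
        node.transmit(ok)
        if node.state != before:
            changes.append((i, name, node.state))
    return nodes, changes

def isolated_bus_off(nodes):
    """Triage heuristic (assumption): a node in Bus Off while every other node
    has a zero error counter deserves investigation rather than a blind reset."""
    off = [n.name for n in nodes.values() if n.state == BUS_OFF]
    others_clean = all(n.tec == 0 for n in nodes.values() if n.state != BUS_OFF)
    return sorted(off) if off and others_clean and len(nodes) > 1 else []

# Constructed sample log: hypothetical module names, 32 bus rounds in which
# only the "airbag" node's frames are hit by errors.
SAMPLE_EVENTS = [e for _ in range(32)
                 for e in (("airbag", False), ("engine", True), ("abs", True))]

if __name__ == "__main__":
    nodes, changes = replay(SAMPLE_EVENTS)
    for index, name, state in changes:
        print(f"event {index}: {name} -> {state}")
    print("investigate:", isolated_bus_off(nodes))
```

A node with occasional errors followed by normal traffic drains its counter back to zero and never leaves the error-active state, which is the behavior the isolation mechanism was designed around.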
The attacker may target different modules in the vehicle. With a successful
attack, the airbags, anti-lock brakes, door locks, or other areas in the vehicle may be disabled
(Greenberg, 2017).
Remediation
In the non-vehicle realm, the remediation for this is not a complex issue to solve. There are a
number of applications that may work well for this use case in the enterprise. These applications,
coded for the enterprise, accomplish their task exceptionally well but do not work in the vehicle
technology environment. Correcting this would require an update to the CAN standard
(Maggi, 2017). There are many different configurations that attempt to correct this, including
segmenting the network in the vehicle and encryption.
References
Greenberg, A. (2017, August 16). A deep flaw in your car lets hackers shut down safety features. Retrieved from https://www.wired.com/story/car-hack-sht-down-safety-features/
Kovacs, E. (2017, July 31). ICS-CERT warns of CANBus vulnerability. Retrieved from http://www.securityweek.com/ics-cert-warns-can-bus-vulnerability
Maggi, F. (2017, August 16). The crisis of connected cars: When vulnerabilities affect the CAN standard. Retrieved from http://blog.trendmicro.com/trendlabs-security-intelligence/connected-car-hack/
Palanca, A., Evenchick, E., Maggi, F., & Zanero, S. (2017, June 4). A stealth, selective, link-layer denial-of-service attack against automotive networks. Retrieved from https://link.springer.com/chapter/0.1007/978-3-319-60876-1_9
About the Author
DRP is a Cybersecurity Lab Engineer focused on securing the world for the users one module
at a time. DRP’s interests include the intersection of AI & ML and automotive cybersecurity.
Copyright © 2017, Cyber Defense Magazine, All rights reserved worldwide.