Cisco has released a new hardware open-source tool called 4CAN that aims to help find flaws in automotive computers.
“To help secure this emerging technology (connected vehicles), Cisco has dedicated resources for automobile security. The Customer Experience Assessment & Penetration Team (CX APT) represents the integration of experts from the NDS, Neohapsis, and Portcullis acquisitions. This team provides a variety of security assessment and attack simulation services to customers around the globe. CX APT specializes in identifying vulnerabilities in connected vehicle components,” the Cisco Talos Threat Intelligence team said in blog post. “We hope 4CAN will give researchers and car manufacturers the ability to test their on-board computers for potential vulnerabilities.”
“While vehicles and components employ Wi-Fi, Bluetooth, and cellular communication protocols, the backbone of a vehicle’s network is a Controller Area Network (CAN), also referred to as the ‘CAN bus.’ In a secure configuration, the critical components such as airbags and brakes communicate on separate CAN buses from the non-critical components, such as the radio or interior lights.
“Compromising the CAN bus can lead to total control of the vehicle, making it a prime target for pen testers and malicious attackers. Often, attacks against peripheral components such as Wi-Fi or LTE are ultimately an attempt to gain access to the CAN bus.”