
DHS warns about CAN bus vulnerabilities in small aircraft - LinuxBender
https://www.zdnet.com/article/dhs-warns-about-can-bus-vulnerabilities-in-small-aircraft/
======
davismwfl
The CAN bus in most cars does not require removing panels or equipment to get
to a port. By design the OBD ports are generally easily accessible and usually
expose the CAN network through the main computer. So not sure I agree with
that conclusion.

I will agree that in some cars specific sub-systems can't be accessed through
the standard OBD port and to get to those CAN connections it would require
removing panels to get to the controller etc.

------
java-man
They mentioned some mitigation strategies used in automotive. Could someone
please explain what those are, specifically?

~~~
davismwfl
Some automotive manufacturers have gotten more sophisticated with their
systems and prevent writing to safety-critical systems or to protected areas
on the board. But I am not sure I agree with the conclusion that the CAN
network in a car is any more secure than what the article describes in regards
to airplanes.

I am not a security researcher but have done plenty of embedded work and
specifically wrote decoders for some vehicle systems. I definitely don't feel
like an expert here, but I am not sure the conclusions are valid in relation
to automotive, at least in my experience.

~~~
java-man
Thank you.

Let's say we want to create a CAN bus which makes it impossible to listen to /
inject non-authorized input even when the adversary has physical access to the
bus.

This means encrypted traffic and a (possibly shared) key maintained by each
device on the bus, or only the critical devices.

There is still a possibility of DoS attack on the bus, or tampering with the
packets by injecting noise.

Does anyone know if the capability to encrypt CAN bus traffic even exists?

~~~
davismwfl
To be fair, there are multiple forms of CAN now in usage too. With CAN FD
being the latest IIRC. So some of this will depend on which standard is being
followed, although at their core they function nearly the same.

The overall nature of CAN is if you have access to it you can listen, so it
isn't designed to prevent participation itself. There isn't a way of excluding
a node without custom hardware/software as every node sees all data in a
standard CAN bus. Yes, you can do a DoS attack on the bus, tampering with the
packets is tougher but not impossible. There are essentially CAN firewalls
that can be set up which can limit the damage and there are some companies that
make software/hardware that act like a sink to control/stop a bad node or
unauthorized access.

The most common thing is during CAN connection to require registration and
some form of a key infrastructure. Without that your node is essentially
ignored, although the network is still subject to your node essentially DoSing
the network by holding the lines low/high. This is how I have handled basic
security and node control prior. But you can do things like a firewall with
network segmentation, which works really well too.

Encrypting CAN can be done, but by design CAN is not a super high throughput
bus (new FD is fairly fast) and is designed for multiplex messaging, so it can
be quite costly to encrypt data going across it. But there are solutions for
encrypting CAN and it is done.
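
An added example, not part of the thread or any commenter's code: the "nodes without the key are ignored" idea from the last comment, sketched as a truncated HMAC plus a freshness counter packed into one classic 8-byte CAN payload. The frame layout, the demo key, and the names `protect` and `Receiver` are assumptions made for the illustration; it authenticates frames but does not encrypt them and does nothing against a node jamming the bus.

```python
import hashlib
import hmac
import struct

KEY = bytes(range(16))    # constructed demo key; real keys are provisioned per node
DATA_LEN, MAC_LEN = 4, 3  # assumed layout: 4 data | 1 counter (low byte) | 3 MAC

def _tag(key: bytes, can_id: int, counter: int, data: bytes) -> bytes:
    # The MAC covers the arbitration ID and the full counter, so a frame cannot
    # be replayed later or re-sent under a different ID.
    msg = struct.pack(">IQ", can_id, counter) + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]

def protect(can_id: int, data: bytes, counter: int, key: bytes = KEY) -> bytes:
    """Sender side: build the 8-byte payload for a classic CAN frame."""
    if len(data) != DATA_LEN:
        raise ValueError("this layout carries exactly 4 data bytes")
    return data + bytes([counter & 0xFF]) + _tag(key, can_id, counter, data)

class Receiver:
    """Accepts only frames with a valid tag and a counter newer than the last."""

    def __init__(self, key: bytes = KEY):
        self.key = key
        self.last = {}  # can_id -> last accepted full counter

    def accept(self, can_id: int, payload: bytes):
        """Return the data bytes, or None if the frame must be ignored."""
        if len(payload) != DATA_LEN + 1 + MAC_LEN:
            return None
        data, low, tag = payload[:DATA_LEN], payload[DATA_LEN], payload[DATA_LEN + 1:]
        nxt = self.last.get(can_id, -1) + 1
        # Only the low byte is on the wire: rebuild the smallest counter >= nxt
        # with that low byte. A replayed frame maps to a future counter value,
        # so its old tag no longer verifies.
        counter = nxt + ((low - nxt) & 0xFF)
        if not hmac.compare_digest(tag, _tag(self.key, can_id, counter, data)):
            return None
        self.last[can_id] = counter
        return data

# Cost, as the comment says: half of the 8-byte payload is security overhead
# here, and a 24-bit tag shows the tradeoff rather than a recommended strength.
```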

