The Crisis of Connected Cars: When Vulnerabilities Affect the CAN Standard

38 points by SanderMak almost 8 years ago

9 comments

michaelt almost 8 years ago

  our attack can be enabled with any remotely exploitable vulnerability that allows the attacker to reprogram the firmware of an ECU (e.g., the infotainment system).

I will be honest, it seems very unprofessional if vehicle safety engineers have allowed complex, network-connected entertainment systems to have write access to the same CAN bus that the brakes and throttle are on.

After all, if a hacker can remotely reprogram anything on that CAN bus, for sure they can remotely trigger a fatal crash.
jaclaz almost 8 years ago
Generically (and IMHO) the original "bad" idea remains that of mixing together the actual "security related" and "vehicle operation" items with the entertainment and navigation system AND allowing external connections (via SIM or similar, OTA and the like).

It is just like most computer vulnerabilities, the ones requiring physical access have in my opinion an almost null impact in practice (if such a physical access is made difficult or impossible), whilst anything "remote" is really preoccupying.

One of the suggested mitigations of putting the OBD-II connector inside a hardware locked case (presumably with a mechanic lock with key, IMHO safer than an electronic one with a password) goes in this direction, no physical access, less risk.
fenwick67 almost 8 years ago
tl;dr if you have physical access to the CAN bus, you can cause enough errors to render it inoperable, by tampering with CAN frames and flipping bits around.

If you have physical access to the CAN bus you can also make it inoperable by shorting the two wires together... not sure what the takeaway is supposed to be with this.
jinzo almost 8 years ago
As I'm currently on vacation I don't have the means to study this further, but on the quick lookout I found at least one problem in how this is described. If I understand correctly it alters frames so that the device goes off bus. From their claims this is not detectable with modern tools. If I'm not missing something then I can guarantee you that the dashboard reports errors when a device is off bus. Also at least modern VW and BMW vehicles offer a lot of data (to the diagnostic tool) on the state of the CAN networks (dropped frames/etc). I'll have to dig deeper, but on the first glance it looks like they found a way to bus off devices, but over-promise on the stealthiness of the vuln.

Edit: typos
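
The kind of check discussed in the comment above (a node that has gone off bus stops sending its periodic frames), as an added example that is not part of the thread or any commenter's code. It assumes a capture in candump log-file format; the CAN IDs, periods, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# candump log-file line: "(timestamp) interface ID#DATA"
LINE = re.compile(r"\((\d+\.\d+)\)\s+\S+\s+([0-9A-Fa-f]+)#")
CAN_ERR_FLAG = 0x20000000  # SocketCAN sets this ID bit on error message frames

def parse(log):
    """Yield (timestamp, can_id) for every well-formed line."""
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield float(m.group(1)), int(m.group(2), 16)

def find_silent_ids(log, factor=5.0, min_samples=3):
    """Return ({can_id: last_seen}, error_frame_count) for IDs that stopped."""
    seen = defaultdict(list)
    errors, end = 0, 0.0
    for ts, can_id in parse(log):
        end = max(end, ts)
        if can_id & CAN_ERR_FLAG:
            errors += 1
        else:
            seen[can_id].append(ts)
    silent = {}
    for can_id, ts_list in seen.items():
        if len(ts_list) < min_samples:
            continue  # too few frames to learn a period
        gaps = sorted(b - a for a, b in zip(ts_list, ts_list[1:]))
        period = gaps[len(gaps) // 2]  # median gap resists jitter
        if end - ts_list[-1] > factor * period:
            silent[can_id] = ts_list[-1]
    return silent, errors

# Constructed capture: 0x0C0 (10 ms period) stops after 50 ms, four error
# frames follow, 0x1A0 (20 ms period) keeps running until 200 ms.
T0 = 1502800000
SAMPLE = "\n".join(sorted(
    [f"({T0 + i * 0.010:.6f}) can0 0C0#0011223344556677" for i in range(6)]
    + [f"({T0 + 0.052 + i * 0.001:.6f}) can0 20000080#0000000000000000" for i in range(4)]
    + [f"({T0 + i * 0.020:.6f}) can0 1A0#AABB" for i in range(11)]
))

if __name__ == "__main__":
    silent, errors = find_silent_ids(SAMPLE)
    for can_id, last in silent.items():
        print(f"ID 0x{can_id:03X} silent since {last:.3f}; {errors} error frames in capture")
```
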
tyingq almost 8 years ago
Interesting in that fixing it would be difficult, as it's a documented part of the protocol.

I suppose, though, manufacturers could at least focus on isolating the OBD-II port from most of the CAN bus, and putting the unfirewalled CAN bus connectors in a place that's harder to get to. There seems to be a lot of variation there now. Some cars isolate at least some functions, others have the OBD-II port completely connected to everything.
RealityVoid almost 8 years ago
I am surprised how this is news seeing how it is an obvious mechanism to anyone working with CAN. If you have access to the CAN bus you can pump whatever message you want on the bus since it has no authentication.
tareqak almost 8 years ago
Techmeme summary: Researchers find indefensible vulnerability in CAN protocol that controls airbags and sensors including antilock brakes in all modern vehicles
IshKebab almost 8 years ago
I mean... isn't CAN a trusted unauthenticated bus? So if you have access you can pretty much do anything you want. Right? Am I missing something?
debatem1 almost 8 years ago
CAN should have authentication built in. That's the root of the problem, and without fixing it everything else becomes hard.