Author Topic: smart car thieves use CAN injection  (Read 3441 times)

0 Members and 1 Guest are viewing this topic.

Offline JPortici

  • Super Contributor
  • ***
  • Posts: 3476
  • Country: it
Re: smart car thieves use CAN injection
« Reply #25 on: May 03, 2023, 01:33:57 pm »
Note that unlike "classic" CAN, CAN FD and (particularly) CAN XL allow the implementation of authentication and cryptography.

Sorry, but that sounds like marketing wank to me.

(laughs)  Maybe it is :)  But the longer data length field and/or higher bit rates make it more practical compared to classical CAN.  CAN-XL has an explicit SEC bit in the frame header that indicates use of the CADsec protocol, so security and authentication are an explicit part of the protocol (vs. a bolt-on approach in CAN and CAN-FD)

Not commenting on the large payloads :) a problem more or less solved by automotive ethernet already, and i find that to be necessary only when uploading a new firmware (cameras and the like already use dedicated, more suitable buses) though i can appreciate if CAN/CAN-FD/CAN-XL can live on the same bus

Offline Zucca

  • Supporter
  • ****
  • Posts: 4377
  • Country: it
  • EE meid in Itali
Re: smart car thieves use CAN injection
« Reply #26 on: June 01, 2023, 02:36:52 am »
I am working since 2006 in a big german car company....
I left development and become a test (driver) because it was almost impossible to implement nice idea...
The security department was always turning them down or making them impossible to implement.

The result? You buy today a black box that not even the dealers can fix...

I will never buy something produced after in the last five years.... totally a encrypted and not reparable black box.
Can't know what you don't love. St. Augustine
Can't love what you don't know. Zucca

Offline Jeroen3

  • Super Contributor
  • ***
  • Posts: 4080
  • Country: nl
  • Embedded Engineer
Re: smart car thieves use CAN injection
« Reply #27 on: June 01, 2023, 06:08:12 am »
Let me predict the future on this.

Say in a few years they do implement some security features in cars to prevent this kind of injection attack.
There will come online a video on youtube from a certain Louis lashing out to [car manufactuerer] that it is ridiculous that when a small car repair shop wants to replace a headlight they need to rent the expensive [car brand] software and adapter and pay membership to get enrolled into a [car brand]-repair program to simply swap the headlight to the ECU. Repairing the headlight unit is already impossible because it's welded shut. "It's like they don't want us to repair things!" he then complains, there should be laws against this!

Offline magic

  • Super Contributor
  • ***
  • Posts: 6860
  • Country: pl
Re: smart car thieves use CAN injection
« Reply #28 on: June 01, 2023, 07:51:16 am »
Usually there are two solutions to computer security problems: stop doing stupid things in the first place, or throw more stupid things at the problem to make practical attacks harder.

The latter typically happens not because it's unavoidable, but because somebody (maybe at marketing, design, etc) doesn't want to hear about the former...

This is also the reason why smart appliances (those on four wheels included) will never become secure, no matter the effort. They only get more stupid.
« Last Edit: June 01, 2023, 07:56:41 am by magic »

Offline Ed.Kloonk

  • Super Contributor
  • ***
  • Posts: 4000
  • Country: au
  • Cat video aficionado
Re: smart car thieves use CAN injection
« Reply #29 on: June 01, 2023, 09:24:40 am »
My local TV news reports on random crime involving a stolen car. Every time, it seems, that the get away car(s) involved are BMWs. Not every time, but noticing it very often.

iratus parum formica

Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo