The vulnerability, hidden deep in the design of all modern cars, allows the attacker with local or even remote access to the vehicle to disconnect his various systems (including airbags, brakes, parking sensors and t. The problem affects the CAN protocol, widely used in modern cars to provide communication between internal components.

The vulnerability was discovered by the joint efforts of experts from the Technical University of Milan, Linklayer Labs, and Trend Micro FTR. According to them, the problem is not a vulnerability in the usual sense of the word. The hitch lies in the principle of the protocol itself and for its elimination it would have to change how CAN works at the lowest levels. Therefore, it is not possible to issue a fix for the vulnerability. Manufacturers of cars can only reduce risks by taking some security measures.

According to the researchers, to fully solve the problem, it is necessary to update the CAN standard and use a new version of it in the automotive industry. In fact, it will take a long time. The usual recall of cars or the distribution of updates "by air" here will not work, since it will be necessary to release a whole generation of new cars.

Vulnerability allows DoS attack.

For its operation, it is enough to connect a special device to the CAN bus through the local open port of the car.

CAN (Controller Area Network) - the standard of an industrial network, focused primarily on the integration into a single network of various actuators and sensors. Transmission mode - serial, broadcast, packet. CAN was developed by Robert Bosch GmbH in the mid-1980s and is now widely distributed in industrial automation, smart home technologies, the automotive industry and many other areas. Standard for automotive automation.