The Controller Area Network standard used in connected cars may have a flaw that cannot be fixed, according to researchers in America.
The website Naked Security by Sophos reports that the NCCIC/ICS-CERT (National Cybersecurity and Communications Integration Center/Industrial Control Systems Cyber Emergency Readiness Team) has found that the hackable flaw in the Controller Area Network (CAN) bus standard, which could enable denial-of-service attacks affecting brakes, airbags and power steering, is unfixable.
The report says that trying to patch the flaw – which applies to virtually every modern car, not just a single brand or model – would require “changing how the CAN standard works at its lowest levels”.
The report adds that even if physical danger were not the goal, attackers could use it to demand a ransom before the owner is able to start the car, or could prevent the doors from being locked. This type of attack would also be more stealthy than previous types and, because the attack is based on CAN protocol weaknesses, “all CAN bus implementations by all manufacturers are vulnerable,” they wrote.
Beyond that, they conclude that the “barrier to entry is extremely low.”