SecurityWeek

New Tool From Cisco Hunts Flaws in Automotive Computers

Cisco has released a new hardware tool designed to help researchers, developers and automakers discover vulnerabilities in automobile computers. 

Modern vehicles contain hundreds of sensors that feed information about the surrounding environment to the vehicle computer. These components deliver real-time information to the driver, connect the car to a network, and even automatically drive the vehicle, but they are susceptible to software vulnerabilities, remote control, or abuse via physical access.

The global connected car market is expected to exceed $225 billion by 2025, and Cisco aims to help secure this emerging technology with the release of a new hardware tool called 4CAN.

Released as open source, the tool is meant for all automobile security researchers who want to test their on-board computers for potential vulnerabilities.

Access to the vehicle computer, Cisco notes, is possible via Wi-Fi, Bluetooth, or cellular communication protocols, but the backbone of a vehicle’s network is a Controller Area Network (CAN). Typically, a car has multiple CAN buses combined with a gateway, and vehicles that Cisco’s researchers tested have 4 CAN buses. 

While devices that allow testing of the CAN bus do exist, each with pros and cons, none provides the ease of use Cisco was looking for. 

The 4CAN tool was designed to help validate communication policy for intra-CAN bus communication, to fuzz components (sending randomized payloads) to identify vulnerabilities, to explore the CAN commands used to control or interact with the vehicle, and to simplify testbench setup so that everything stays organized and in sync.
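To illustrate the policy-validation use case, here is an added example (not code from Cisco or the 4CAN project) that checks a capture from four CAN channels against a gateway allow-list and reports frames seen on a bus where the policy does not permit them. It assumes log lines in the can-utils `candump -l` format; the interface names, arbitration IDs, policy table and sample capture are all constructed for illustration.

```python
import re

# One candump -l log line: "(timestamp) interface ID#DATA"
# (11-bit IDs are 3 hex digits, 29-bit IDs are 8; data is whole bytes).
LINE = re.compile(
    r"\((\d+\.\d+)\)\s+(\S+)\s+"
    r"([0-9A-Fa-f]{3}|[0-9A-Fa-f]{8})#((?:[0-9A-Fa-f]{2})*)"
)

# Hypothetical gateway policy: arbitration ID -> buses it may appear on.
POLICY = {
    0x0C4: {"can0", "can1"},  # gateway forwards this ID from can0 to can1
    0x1A0: {"can0"},          # must stay on can0
    0x2F1: {"can2"},
    0x3D0: {"can3"},
}

# Constructed capture from four channels (not real vehicle traffic).
SAMPLE_LOG = """\
(1560000000.000100) can0 0C4#1122334455667788
(1560000000.000350) can1 0C4#1122334455667788
(1560000000.001000) can0 1A0#00FF
(1560000000.001200) can2 1A0#00FF
(1560000000.002000) can2 2F1#DEADBEEF
(1560000000.003000) can3 7DF#0201050000000000
garbage line
"""

def parse(log):
    """Yield (timestamp, bus, can_id, data) per well-formed line."""
    for line in log.splitlines():
        m = LINE.fullmatch(line.strip())
        if m:  # malformed lines are skipped rather than aborting the run
            ts, bus, can_id, data = m.groups()
            yield float(ts), bus, int(can_id, 16), bytes.fromhex(data)

def check_policy(log, policy):
    """Return sorted, de-duplicated (bus, can_id, reason) violations."""
    violations = set()
    for _ts, bus, can_id, _data in parse(log):
        allowed = policy.get(can_id)
        if allowed is None:
            violations.add((bus, can_id, "unknown-id"))
        elif bus not in allowed:
            violations.add((bus, can_id, "leaked-across-gateway"))
    return sorted(violations)

if __name__ == "__main__":
    for bus, can_id, reason in check_policy(SAMPLE_LOG, POLICY):
        print(f"{bus} {can_id:03X} {reason}")
```
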

George Tarnovsky, a member of Cisco’s Customer Experience Assessment & Penetration Team (CX APT), is the originator of the 4CAN’s design, which was inspired by and is loosely based on the IndustrialBerry QUAD CAN BUS adapter for Raspberry CanBerry.

“Using 4CAN, the test bench setup is vastly simplified. With a single Raspberry Pi, we can simultaneously test four CAN channels, and since the 4CAN exposes the entire 40-pin GPIO header, we can remotely control the test vehicle,” Cisco explains. 

The 4CAN tool has been released in open source and is available on GitHub, licensed under a Creative Commons Attribution Share-Alike license.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
