Protecting Our Community from the Hidden Vulnerabilities of Today’s Intelligent Transportation Systems

The ever-evolving technology interwoven into the transportation industry leaves it frequently at risk for cyber-attacks. This study analyzes the security of a common in-vehicle network, the Controller Area Network (CAN), standard in most vehicles being manufactured today. Like many other networks, CAN comes with inherent vulnerabilities that leave CAN implementations at risk of being targeted by cybercriminals. Such vulnerabilities range from eavesdropping, where the attacker can read the raw data traversing the vehicle, to spoofing, where the attacker can place fabricated traffic on the network. The research team initially performed a simulation of CAN traffic generation followed by hardware implementation of the same on a test vehicle. Due to the concealed and untransparent nature of CAN, the team reverse-engineered the missing parameters through a series of passive "sniffing attacks" (attacks using data reading utilities called packet sniffers) on the network and then demonstrated the feasibility of the attack by placing fabricated frames on the CAN.