When CAN CANT

ShmooCon XIV - 2018

Presented by: Tim Brom, Mitchell Johnson
Date: Saturday January 20, 2018
Time: 11:00 - 11:50
Location: Near Room
Track: Build It

The Controller Area Network (CAN) bus has been mandated in all cars sold in the United States since 2008. But CAN is terrible in many unique and disturbing ways. CAN has served as a convenient punching bag for automotive security researchers for a plethora of reasons, but all of the available analysis tools share a shortcoming. They invariably use a microcontroller with a built-in CAN peripheral that automatically takes care of the low-level (ISO layer 1 and 2) communication details, and ensures that the CAN peripheral plays nicely and behaves at those low levels. However, a good hardware hacker understands that the sole purpose of the electron is to be bent to our will, and breaking assumptions by making “That CANT happen!” happen is a surefire way to find bugs.

CANT is a (partial) CAN bus peripheral implemented in software that allows security researchers to exercise the electrical bus-level error handling capability of CAN devices. The ability to selectively attack specific ECUs in a manner that is not detectable by automotive IDS/IPS systems (see ICS-ALERT-17-209-01) is invaluable to automotive security researchers as more automakers integrate advanced security measures into their vehicles.

Tim Brom and Mitchell Johnson

Tim Brom (@b1tbane) and Mitchell Johnson (@ehntoo) are security researchers at GRIMM, specializing in automotive vulnerability research. Their background includes specialized embedded software development, with a particular focus on the automotive and safety industries, as well as a background in other sectors including safety-critical aerospace and industrial control systems. They have contributed extensively to GRIMM’s open source “CanCat” CAN bus reverse engineering tool and to “3PO,” GRIMM’s mobile auto-hacking demonstration. Tim has also had publications about car hacking tools and techniques, like the recent Macchina M2.


