[Cerowrt-devel] can bus attack

[Cerowrt-devel] can bus attack

[Dave Taht]

The biggest bug with the early fq_codel deployment was that it dropped
from head and fq'd which led to the prospect of messages sent out of
order on the can protocol, which was not designed for that.. After
much thought, we ended up overriding the default fq_codel qdisc, for a
fifo, for the can bus devices, but there were a few years there where
fq_codel was the default for can, in openwrt, which sometimes keeps me
awake at night.

This set of security bugs is bigger and essentially a message flood
attack on a FIFO, making it possible to steal a car via accessing the
headlamp, using a 10 dollar adaptor. Fascinating reading.

https://kentindell.github.io/2023/04/03/can-injection/


--
AMA March 31: https://www.broadband.io/c/broadband-grant-events/dave-taht
Dave Täht CEO, TekLibre, LLC

Re: [Cerowrt-devel] can bus attack

[Sebastian Moeller]

Hi Dave,


> On Apr 14, 2023, at 06:04, Dave Taht via Cerowrt-devel <cerowrt-devel@lists.bufferbloat.net> wrote:
> 
> The biggest bug with the early fq_codel deployment was that it dropped
> from head and fq'd which led to the prospect of messages sent out of
> order on the can protocol, which was not designed for that..

	[SM] How did CAN react to this bug? Fixing its design or simply requiring in-order-delivery?

> After
> much thought, we ended up overriding the default fq_codel qdisc, for a
> fifo, for the can bus devices, but there were a few years there where
> fq_codel was the default for can, in openwrt, which sometimes keeps me
> awake at night.

	[SM] How many critical CAN bus implementations actually use OpenWrt? I thought CAN is big in automobiles, so if any of those use OpenWrt that would be interesting news ;)


> This set of security bugs is bigger and essentially a message flood
> attack on a FIFO, making it possible to steal a car via accessing the
> headlamp, using a 10 dollar adaptor. Fascinating reading.
> 
> https://kentindell.github.io/2023/04/03/can-injection/

	[SM] It appears automobile designers assumed a non-adversarial environment, which is odd given that 3rd party diagnostic dongles that interface with the car network/bus have been a thing for years.
	I guess the good thing is that we do have some well-tested techniques to harden such a design (that are unlikely to be retro-fitable into existing cars, assuming that vendors actually still care about older models anyway).

Regards
	Sebastian


> 
> 
> --
> AMA March 31: https://www.broadband.io/c/broadband-grant-events/dave-taht
> Dave Täht CEO, TekLibre, LLC
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel

Re: [Cerowrt-devel] can bus attack

[Bill Woodcock]

> On Apr 14, 2023, at 8:08 AM, Sebastian Moeller via Cerowrt-devel <cerowrt-devel@lists.bufferbloat.net> wrote:
>> there were a few years there where
>> fq_codel was the default for can, in openwrt, which sometimes keeps me
>> awake at night.
> 
> [SM] How many critical CAN bus implementations actually use OpenWrt? I thought CAN is big in automobiles, so if any of those use OpenWrt that would be interesting news ;)

It’s also widely used in factory-floor and assembly-line automation.

                                -Bill