[Bloat] can bus attack
Dave Taht
dave.taht at gmail.com
Fri Apr 14 00:04:31 EDT 2023

The biggest bug with the early fq_codel deployment was that it dropped
from head and fq'd, which led to the prospect of messages sent out of
order on the CAN protocol, which was not designed for that. After
much thought, we ended up overriding the default fq_codel qdisc, for a
fifo, for the CAN bus devices, but there were a few years there where
fq_codel was the default for CAN, in OpenWrt, which sometimes keeps me
awake at night.

This set of security bugs is bigger and essentially a message flood
attack on a FIFO, making it possible to steal a car via accessing the
headlamp, using a 10 dollar adaptor. Fascinating reading.

https://kentindell.github.io/2023/04/03/can-injection/

--
AMA March 31: https://www.broadband.io/c/broadband-grant-events/dave-taht
Dave Täht CEO, TekLibre, LLC