“Don’t look at the ‘CANCAN’ (Hebrew: pitcher), look at what’s contained inside” is a Hebrew idiom, equivalent to the English idiom “Don’t judge a book by its cover”. The Controller Area Network (CAN) bus protocol allows communication between various components inside most modern-day vehicles. The introduction of the new Controller Area Network Flexible Data-Rate (CAN-FD) protocol allows for faster communication with a larger number of data bytes per message. As these protocols are used for passing critical messages between different components, many attacks on them have been found, and many security measures have been proposed to solve or restrict them. The CANCAN attack, published in June 2021, presented the ability to craft a CAN-FD message encapsulating other CAN/FD messages. This attack was shown to potentially circumvent security measures. However, this attack suffered from a very low probability of working, as the most promising scenario depended on a bit flip at a specific point in time.
In this talk, a new variant called Aggressive-Passive is presented, allowing the CANCAN attack to be mounted close to deterministically. Furthermore, this talk will show how existing security solutions do not mitigate this attack and will propose effective mitigation solutions against it.
Matan Ziv is a Principal Cyber Security Researcher at Cymotive Technologies specializing in vulnerability research. Matan has over 15 years of experience in the embedded security field. His work for the last 8 years has been focused on automotive security, firmware binary analysis and tool development. As part of his contribution to the research community, he has developed an open-source IDA plugin tool called "Oregami", which helps with the handling of information flow through registers in the disassembly code of embedded systems. Matan first presented the CANCAN attack at Escar USA 2022, and is eager to present his findings extending his previous research.