Towards an Integrated Penetration Testing Environment for the CAN Protocol

  • Conference paper
Computer Safety, Reliability, and Security (SAFECOMP 2018)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 11094)

Abstract

The Controller Area Network (CAN) is the most common protocol interconnecting the various control units of modern cars. Its vulnerabilities are somewhat known but we argue they are not yet fully explored—although the protocol is obviously not secure by design, it remains to be thoroughly assessed how and to what extent it can be maliciously exploited. This manuscript describes the early steps towards a larger goal, that of integrating the various CAN pentesting activities together and carrying them out holistically within an established pentesting environment such as the Metasploit Framework. In particular, we shall see how to build an exploit that upsets a simulated tachymeter running on a minimal Linux machine. While both portions are freely available from the authors’ GitHub shares, the exploit is currently subject to a Metasploit pull request.

Author information

Correspondence to Giampaolo Bella or Pietro Biondi.

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Cite this paper

Bella, G., Biondi, P. (2018). Towards an Integrated Penetration Testing Environment for the CAN Protocol. In: Gallina, B., Skavhaug, A., Schoitsch, E., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2018. Lecture Notes in Computer Science, vol 11094. Springer, Cham. https://doi.org/10.1007/978-3-319-99229-7_29

  • DOI: https://doi.org/10.1007/978-3-319-99229-7_29

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-99228-0

  • Online ISBN: 978-3-319-99229-7

  • eBook Packages: Computer Science (R0)
