New vulnerability discovery in common CAN-FD vehicle communication protocol
Ypsilanti, Michigan, June 14, 2022, CYMOTIVE Technologies, the leading provider of smart mobility cyber solutions, today announced its participation in the international automotive security event ESCAR USA taking place on June 15 -16, 2022. On the first day at 9:45 am EST, CYMOTIVE’s Principal Cyber Security Researcher, Matan Ziv, will present research entitled “CAN-in-CAN Attack for Bypassing Security”, revealing a new potential attack on the CAN-FD (Controller Area Network Flexible Data-Rate) vehicle communication protocol. Matan has named the vulnerability “CANCAN”, referring to an ancient proverb on looking inside a person for hidden truth.
Vulnerabilities in these common communication protocols carry significant ramifications for the cybersecurity readiness of many vehicle models. The CANCAN vulnerability allows one CAN-FD message to hide inside another. As the encapsulating message hiding the other will appear as valid, the CANCAN vulnerability may be used for circumventing various security measures.
“We applaud Matan Ziv and the CYMOTIVE cybersecurity research team for this milestone in securing the automotive eco-system,” said Tsafrir Kats, CEO and Co-founder of CYMOTIVE Technologies. “The CANCAN vulnerability may affect any vehicle component implementing the CAN-FD protocol and those protocols currently in development, such as CAN-XL, unless specifically addressed. We encourage all car manufacturers and their suppliers to take note and consider mitigation of this vulnerability.”
CYMOTIVE is also a sponsor of the ESCAR USA event taking place in the Ann Arbor Marriott Ypsilanti at Eagle Crest, in Ypsilanti, Michigan. If interested in meeting the CYMOTIVE cyber experts attending ESCAR, please contact us here.
For full details of the ESCAR USA, the program may be found here.
For the full research paper, “CAN-in-CAN Attack for Bypassing Security”, click here.
About CYMOTIVE Technologies
Founded in 2016 by top tier Israeli security experts, CYMOTIVE Technologies designs, develops and deploys cybersecurity solutions to solve the most complex challenges in the smart mobility market. With teams working from Israel, Germany, Sweden, and the U.S, CYMOTIVE offers a full lifecycle platform of solutions for secured development to post-production stages in the smart mobility ecosystem. The company’s customers include several manufacturers, smart cities and top tier suppliers of vehicles, fleets and other embedded solutions. For more information, visit www.cymotive.com
