Bsides Cymru 2024

Modern Vehicle Sabotage
04-27, 16:10–16:20 (Europe/London), Sophia Room - Track 2

In modern vehicles, many functions that enhance convenience rely on the Controller Area Network (CAN-bus), which serves as an in-vehicle network connecting sensors and actuators. Despite being a three-decade-old technology, the CAN-bus remains prevalent due to its effectiveness and efficiency. However, it lacks essential security features for confidentiality, integrity, and availability, making it vulnerable in today's connected vehicle landscape. While a majority of research has been done to address the security features, there is a lack of attention given to the effects of these additional security features to other parts of the vehicle, such as the Event Data Recorder. If detrimental effects are present, then the security features fitted to combat CAN-bus vulnerabilities needs to be evaluated.

In this 10-minute talk, we will explore the critical role of the Controller Area Network (CAN-bus) in modern vehicles and its susceptibility to security vulnerabilities. Despite its age, the CAN-bus lacks essential security features, rendering it vulnerable to cyber threats in today's connected vehicle landscape. While efforts have been made to address these vulnerabilities, little attention has been given to assessing the potential impact of security measures on other vehicle components, particularly the Event Data Recorder (EDR). We will discuss the implications of this oversight and the importance of conducting comprehensive security assessments to ensure the integrity and functionality of connected vehicles. Through simulation based experiments, we will underscore the need for holistic approaches to CAN-bus security and highlight avenues for future research and development in the field. Join us as we navigate between security features and vehicle functionality, aiming to pave the way for safer and more resilient connected vehicles.

Indonesian student, studying for a better future.