As vehicles grow more connected and software-driven, the need for robust automotive cyber security has become a pressing concern. One of the most critical vulnerabilities lies within the Controller Area Network (CAN bus), the communication backbone that links nearly every electronic control unit (ECU) inside a modern car. While standards like ISO 21434 now guide the automotive industry in managing cybersecurity risks, the inherent design limitations of the CAN bus continue to pose significant challenges.
What is the CAN Bus?
The Controller Area Network (CAN) is a vehicle’s internal communication system that enables ECUs—such as those controlling braking, steering, airbags, and powertrains—to exchange messages in real time. It’s efficient, lightweight, and has been a mainstay in automotive architecture for decades. However, it was designed with safety and reliability in mind, not security.
Why the CAN Bus is Vulnerable
Unlike modern IT networks, the CAN bus:
- Lacks authentication: Any device connected to the network can transmit messages without verifying its identity.
- Lacks encryption: Data transmitted on the CAN bus is not encrypted, making it readable to anyone who taps into it.
- Is highly trusted: All ECUs trust messages they receive, assuming they are legitimate.
These design choices, while appropriate for isolated, legacy systems, leave the network exposed to various attack vectors in today’s connected environment.
Common CAN Bus Attacks
- Message Injection: Malicious actors can inject spoofed messages to disable safety systems, manipulate speed, or control steering.
- Denial of Service (DoS): Flooding the CAN network with high-priority messages can shut down normal communication.
- Man-in-the-Middle (MitM): Attackers can intercept and alter messages between ECUs.
- Physical Access Exploits: Gaining access through the OBD-II port or compromised devices allows direct injection of malicious commands.
CAN Bus Security and ISO 21434
ISO 21434 addresses such vulnerabilities by requiring automotive manufacturers and suppliers to perform thorough risk assessments and incorporate cybersecurity measures from concept through decommissioning. For CAN bus systems, this means:
- Conducting Threat Analysis and Risk Assessment (TARA) to identify potential exploits.
- Defining security requirements for message authentication and integrity.
- Designing network segmentation and intrusion detection systems (IDS) to monitor CAN traffic for anomalies.
While ISO 21434 doesn’t mandate specific technologies, it emphasizes a structured approach to managing cybersecurity risks—including those inherent in legacy architectures like CAN.
Mitigation Strategies for CAN Bus Security
To reduce exposure, automakers and security researchers are exploring several techniques:
- Message Authentication Codes (MACs): Add cryptographic checksums to messages.
- Gateway ECUs: Isolate critical systems from external interfaces like infotainment units or telematics modules.
- Intrusion Detection Systems (IDS): Monitor the network for patterns that suggest malicious activity.
- Firmware Updates: Patch vulnerabilities over-the-air (OTA) to respond to emerging threats.
Looking Ahead
While replacing CAN entirely with newer protocols like Ethernet is being considered for next-generation vehicles, millions of cars on the road today will continue to rely on this vulnerable protocol. As such, enhancing CAN bus security is not just an engineering challenge—it’s a critical component of protecting modern transportation infrastructure.
Conclusion
The CAN bus remains one of the most important—and most vulnerable—components in today’s vehicles. By integrating the principles of automotive cyber security and adhering to the guidelines of ISO 21434, automakers can significantly reduce the risk of cyberattacks. In a world where code now drives cars, securing that code—and the networks it runs on—is vital for safety, trust, and progress.
