Cisco releases 4CAN tool to find vulnerabilities in on-board car computers
Cisco recently released an open-source test tool called 4CAN to help security personnel detect vulnerabilities in onboard car computers systems. Modern car manufacturers will install a large number of sensors on the vehicle to provide various real-time information to the on-board computer and connect the in-vehicle system to the network. However, while bringing convenience, these onboard components also pose a potential safety risk to the vehicle. Experts say hackers can launch attacks against in-vehicle computer systems by using Wi-Fi, Bluetooth or cellular communication protocols.
Cisco said that the core of the onboard car computer system is the Controller Area Network (CAN), and 4CAN allows the technician to test four CAN bus at the same time, and greatly simplifies the relevant settings to better help the technicians to identify the vulnerability. The staff disclosed that the 4CAN tool can verify the communication strategy of the internal CAN bus communication and randomly send a payload to detect CAN commands for controlling/interacting with the vehicle.
Cisco has released an open-source version of 4CAN, and technicians can download the product from GitHub after obtaining the Attribution-ShareAlike 3.0 license.