The Controller Area Network (CAN) is the most common protocol interconnecting the various control units of modern cars. Its vulnerabilities are somewhat known but we argue they are not yet fully explored-although the protocol is obviously not secure by design, it remains to be thoroughly assessed how and to what extent it can be maliciously exploited. This manuscript describes the early steps towards a larger goal, that of integrating the various CAN pentesting activities together and carry them out holistically within an established pentesting environment such as the Metasploit Framework. In particular, we shall see how to build an exploit that upsets a simulated tachymeter running on a minimal Linux machine. While both portions are freely available from the authors' Github shares, the exploit is currently subject to a Metaspoilt pull request.
Towards an Integrated Penetration Testing Environment for the CAN Protocol
Bella, G
;Biondi, P
2018-01-01
Abstract
The Controller Area Network (CAN) is the most common protocol interconnecting the various control units of modern cars. Its vulnerabilities are somewhat known but we argue they are not yet fully explored-although the protocol is obviously not secure by design, it remains to be thoroughly assessed how and to what extent it can be maliciously exploited. This manuscript describes the early steps towards a larger goal, that of integrating the various CAN pentesting activities together and carry them out holistically within an established pentesting environment such as the Metasploit Framework. In particular, we shall see how to build an exploit that upsets a simulated tachymeter running on a minimal Linux machine. While both portions are freely available from the authors' Github shares, the exploit is currently subject to a Metaspoilt pull request.File | Dimensione | Formato | |
---|---|---|---|
Towards an Integrated Penetration Testing Environment for the CAN Protocol.pdf
solo gestori archivio
Descrizione: PDF Paper
Tipologia:
Versione Editoriale (PDF)
Dimensione
1.64 MB
Formato
Adobe PDF
|
1.64 MB | Adobe PDF | Visualizza/Apri |
Towards an Integrated Penetration Testing.pdf
accesso aperto
Tipologia:
Documento in Post-print
Dimensione
552.21 kB
Formato
Adobe PDF
|
552.21 kB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.