Friday, July 28, 2017

ICS-CERT Publishes CAN Bus Alert

Today the DHS ICS-CERT published a control system security alert for a vulnerability in the CAN Protocol that allows for a denial-of-service (DoS) attack. A public disclosure of the vulnerability is the reason for the alert, even though the researchers (Andrea Palanca, Eric Evenchick, Federico Maggi, and Stefano Zanero) coordinated with ICS-CERT before the exposure.

ICS-CERT reports that a sophisticated attacker, with knowledge of the CAN bus protocol and physical access to the system can exploit the vulnerability to conduct a DoS attack. Whether or not a system employing the CAN bus protocol will be vulnerable will depend on the implementation of the system.

No comments:

/* Use this with templates/template-twocol.html */