Recent advancements in 3D-printing/additive manufacturing has brought forth a new interest in the use of Controller Area Network (CAN) for multi-module, plug-and-play bus support for their embedded systems. CAN systems provide a variety of benefits that can outweigh typical conventional wire-loom protocols in many categories. However, implementation of CAN also brings forth vulnerabilities provided by its spoofable, destination-encoded shared communication bus. These vulnerabilities result in undetectable fault injection, packet manipulation, unauthorized packet logging/sniffing, and more. They also provide attackers the capability to manipulate all sensor information, commands, and create unsafe operating conditions using only a single compromised node on the CAN network (bypassing all root-of-trust in the modules). Thus, malicious hardware requires only a connection to the bus for access to all traffic. In this paper, we discuss the effects of repurposed CAN-based attacks capable of manipulating sensor data, overriding systems, and injecting dangerous commands on the Controller Area Network using various entry methods. As a case study, we also showed a spoofing attack on critical data modules within a commercial 3D printer.
翻译:最近三维打印/添加制造的进展使人们对使用控制区网络(CAN)为其嵌入系统提供多模块、插头和游戏总线支持产生了新的兴趣。CAN系统提供的各种好处可能超过许多类别典型的常规铁丝网协议。然而,CAN的实施还带来了其可吹嘘的、目的地编码的共用通信大客车所提供的弱点。这些弱点导致无法检测的过失注入、包装操纵、未经授权的包装记录/嗅探等等。这些弱点还使攻击者有能力利用CAN网络上一个单一的失密节点来操作所有传感器信息、命令和创造不安全的操作条件(绕过该模块中的所有信任根部位)。因此,恶意硬件只需要与公共汽车连接才能进入所有交通。在本文中,我们讨论了重新定位的CAN攻击的影响,这些攻击能够操纵传感器数据,超越系统,并用各种进入方法向C主计长区域网络注射危险指令。作为案例研究,我们还展示了对商用三维打印机中关键数据模块的打击。