CYMOTIVE Technologies, the leading provider of smart mobility cyber solutions, announced its participation in the international automotive security event ESCAR USA taking place on June 15 -16, 2022. CYMOTIVE’s Principal Cyber Security Researcher, Matan Ziv, will present his research on the first day at 9:45 am EST entitled “CAN-in-CAN Attack for Bypassing Security”, revealing a new potential attack on the CAN-FD (Controller Area Network Flexible Data-Rate) vehicle communication protocol. Matan has named the vulnerability “CANCAN”, referring to an ancient proverb on looking inside a person for hidden truth.
Vulnerabilities in these common communication protocols carry significant ramifications for the cybersecurity readiness of many vehicle models. The CANCAN vulnerability allows one CAN-FD message to hide inside another. As the encapsulating message hiding the other will appear as valid, the CANCAN vulnerability may be used for circumventing various security measures.
Also Read: Smartly.io Appoints Ryan Jamboretz as President, Commercial & Partnerships
“We applaud Matan Ziv and the CYMOTIVE cybersecurity research team for this milestone in securing the automotive eco-system,” said Tsafrir Kats, CEO and Co-founder of CYMOTIVE Technologies. “The CANCAN vulnerability may affect any vehicle component implementing the CAN-FD protocol and those protocols currently in development, such as CAN-XL, unless specifically addressed. We encourage all car manufacturers and their suppliers to take note and consider mitigation of this vulnerability.”