With ever-increasing automotive vehicle connectivity, we face a seemingly endless barrage of newfound security vulnerabilities that exploit design oversights, software bugs, and leaked information. Attackers have the luxury of repeatedly probing vehicles, needing only to find a single exploitable opportunity and have time and again demonstrated their ability to compromise vehicles, often grabbing media attention. As our vehicles gain more network connectivity, the cybersecurity threat against them only continues to grow.
Many of these attacks are performed by injecting commands onto the vehicle Controller Area Network (CAN) bus through an exploited interface such as a cellular connection to an infotainment unit. The CAN bus protocol implicitly assumes every device on the bus can be trusted to only transmit the messages it is authorized to send. Furthermore, there is no mechanism for a receiver to determine which device sent a particular message. These design choices have become increasingly dangerous in a connected world, as the CAN bus is now exposed to remote attacks via attached devices with internet connections. A single compromised device is capable of impersonating any other device on the bus by spoofing its messages.
Addressing the need for tighter in-vehicle security, Mercury has announced the CANGuard™ security suite, a unique software solution designed to protect automotive vehicle data networks.