The Controller Area Network (CAN), one of the main communications networks in an automobile, is headed for a security overhaul — if not a wholesale replacement.
Initially devised in the 1980s to allow electronic components in a vehicle to communicate directly without a central computer in between, the CAN bus has become a growing security risk as more functions are automated and integrated into a central logic system. It has been the subject of numerous high-profile security attacks, where hackers have been able to take control of a vehicle and actuate its brakes, and the threat is only increasing with rising levels of autonomy.
A modern CAN bus connects dozens of electronic control units (ECUs), each consisting of a microcontroller responsible for the operation of a specific vehicle function such as airbags, antilock braking, cruise control, or power windows. Interconnecting all of these functions enables a wide variety of convenience and safety features, such as the automatic enablement of the rear-view camera as soon as the driver shifts to reverse or the automatic braking of the vehicle when proximity sensors detect an obstacle. Nevertheless, the CAN bus was never designed with security in mind.