Today the DHS ICS-CERT published a control system security alert
for a vulnerability in the CAN Protocol that allows for a denial-of-service
(DoS) attack. A public disclosure of the vulnerability is the reason for the
alert, even though the researchers (Andrea Palanca, Eric Evenchick, Federico
Maggi, and Stefano Zanero) coordinated with ICS-CERT before the exposure.
ICS-CERT reports that a sophisticated attacker, with
knowledge of the CAN bus protocol and physical access to the system can exploit
the vulnerability to conduct a DoS attack. Whether or not a system employing
the CAN bus protocol will be vulnerable will depend on the implementation of
the system.
Posts
No comments:
Post a Comment