Towards an Integrated Penetration Testing Environment for the CAN Protocol

TL;DR

This paper discusses the development of an integrated penetration testing environment for the CAN protocol, aiming to assess its vulnerabilities comprehensively within existing pentesting frameworks like Metasploit.

Contribution

It introduces an approach to unify CAN pentesting activities and demonstrates building a specific exploit within a popular pentesting environment.

Findings

Built a CAN exploit for a simulated tachymeter

Integrated CAN testing into Metasploit framework

Provided open-source tools for CAN security assessment

Abstract

The Controller Area Network (CAN) is the most common protocol interconnecting the various control units of modern cars. Its vulnerabilities are somewhat known but we argue they are not yet fully explored -- although the protocol is obviously not secure by design, it remains to be thoroughly assessed how and to what extent it can be maliciously exploited. This manuscript describes the early steps towards a larger goal, that of integrating the various CAN pentesting activities together and carry them out holistically within an established pentesting environment such as the Metasploit Framework. In particular, we shall see how to build an exploit that upsets a simulated tachymeter running on a minimal Linux machine. While both portions are freely available from the authors' Github shares, the exploit is currently subject to a Metasploit pull request.