Towards an Integrated Penetration Testing Environment for the CAN Protocol

  • Giampaolo BellaEmail author
  • Pietro BiondiEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11094)


The Controller Area Network (CAN) is the most common protocol interconnecting the various control units of modern cars. Its vulnerabilities are somewhat known but we argue they are not yet fully explored—although the protocol is obviously not secure by design, it remains to be thoroughly assessed how and to what extent it can be maliciously exploited. This manuscript describes the early steps towards a larger goal, that of integrating the various CAN pentesting activities together and carry them out holistically within an established pentesting environment such as the Metasploit Framework. In particular, we shall see how to build an exploit that upsets a simulated tachymeter running on a minimal Linux machine. While both portions are freely available from the authors’ Github shares, the exploit is currently subject to a Metaspoilt pull request.


  1. 1.
    International Organization for Standardization: Road vehicles – Controller area network (CAN) – Part 1: Data link layer and physical signalling (2015).
  2. 2.
    Needham, R.M., Schroeder, M.D.: Using encryption for authentication in large networks of computers. Commun. ACM 21, 993–999 (1978)CrossRefGoogle Scholar
  3. 3.
    Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147–166. Springer, Heidelberg (1996). Scholar
  4. 4.
    Needham, R.: Keynote address: the changing environment. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 1999. LNCS, vol. 1796, pp. 1–5. Springer, Heidelberg (2000). Scholar
  5. 5.
    Valasek, C., Miller, C.: Remote Exploitation of an Unaltered Passenger Vehicle (2015).
  6. 6.
    Valasek, C., Miller, C.: CAN Message Injection (2016).
  7. 7.
    Smith, C.: The Car Hacker’s Handbook: A Guide for the Penetration Tester, 1st edn. No Starch Press, San Francisco (2016)Google Scholar
  8. 8.
    Meier, J.N.: Kayak (2014).
  9. 9.
  10. 10.
    Chris Valasek, C.M.: Adventures in Automotive Networks and Control Units (2014).
  11. 11.
    Biondi, P.: Crazy-tachymeter (2018).
  12. 12.
    Biondi, P.: Crazytachymeter, exploit for can-bus (2018).

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Dipartimento di Matematica e InformaticaUniversità di CataniaCataniaItaly

Personalised recommendations