3. Perform IoT Attacks
Most IoT devices come with security issues such as the absence of a proper authentication mechanism, the use of default credentials, or the absence of a lock-out mechanism.
The Controller Area Network (CAN) protocol is a robust communication system that allows microcontrollers and devices to interact without a central computer. It uses a message-based approach for reliable data exchange, even in noisy environments. CAN is widely used in the automotive industry due to its reliability and simplicity. In modern vehicles, the CAN protocol is central to system communication, enabling connections between engine controls, brakes, and infotainment units. However, this interconnectivity can be exploited by attackers to manipulate vehicle functions, posing safety risks.
Here, we use the ICSim tool to simulate the CAN protocol and demonstrate how attackers sniff the transmitted packets and perform a replay attack to gain basic control over the target.
Install the simulator
Now, to set up a virtual CAN interface, issue the following commands:
To check whether the virtual CAN interface was set up successfully, run `ifconfig`. If the `vcan0` interface is listed, the virtual CAN interface is ready.
Run `cd ICSim` to navigate to the ICSim directory, then execute `make` to build two executables: the IC Simulator and the CANBus Control Panel.
Run `./icsim vcan0` to start the ICSim simulator. You will see the IC Simulator interface.
Similarly, execute `./controls vcan0` to start the CANBus Control Panel. You will see the CANBus Control Panel interface.
Now, start a sniffer to capture the traffic sent to the IC Simulator by the CANBus Control Panel. To do so, open a new terminal tab and execute `sudo su` to run the programs as the root user (when prompted, enter the password toor). Then run `cd ICSim/` to navigate to the ICSim directory.
Execute `cansniffer -c vcan0` to start sniffing on the `vcan0` interface. Leave this sniffer running.
Open a new terminal and execute `sudo su` to run the programs as the root user (when prompted, enter the password toor). Run `cd ICSim/` to navigate to the ICSim directory. To capture the logs, run `candump -l vcan0`.
After the log capture has started, open the IC Simulator and the CANBus Control Panel and perform functions such as accelerating, turning left/right, and unlocking and locking doors so that logs are generated. Once you are done, terminate the capture by pressing Ctrl + C.
| ICSim Functions | Keys |
|---|---|
| Accelerate | Up arrow |
| Left/Right Turn | Left arrow / Right arrow |
| Unlock Rear Left/Right doors | Right Shift + X / Right Shift + Y |
| Unlock Front Left/Right doors | Right Shift + A / Right Shift + B |
| Lock all doors | Hold Right Shift key + Tap Left Shift |
| Unlock all doors | Hold Left Shift key + Tap Right Shift |
Now verify that the log file was created by executing the `ls` command.
To perform the replay attack, run `canplayer -I candump-2024-05-07_063502.log` and press Enter.
As the log file is replayed, the IC Simulator and the CANBus Control Panel show, in real time, the same movements that were performed while the log was being captured.
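The replay works because CAN frames carry no sender authentication or freshness value, so one defensive check is timing: when replayed frames arrive alongside the legitimate sender's traffic, the affected ID appears more often than its normal period. The following is an added example (not part of the original lab or of ICSim) that parses text in the `candump -l` log format and flags such IDs; the CAN IDs, payloads, timings, the `ratio` threshold and all function names are constructed for illustration.

```python
import re
from collections import defaultdict
from statistics import median

# candump -l writes one frame per line: (epoch.usec) interface ID#HEXDATA
LINE = re.compile(r"\((\d+\.\d+)\)\s+(\S+)\s+([0-9A-Fa-f]+)#([0-9A-Fa-f]*)")

def parse(log_text):
    """Return [(timestamp, can_id, data)] sorted by time."""
    frames = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:  # skip blank or malformed lines
            frames.append((float(m.group(1)), m.group(3).upper(), m.group(4).upper()))
    return sorted(frames)

def periods(frames):
    """Median inter-arrival time (seconds) per CAN ID."""
    last, gaps = {}, defaultdict(list)
    for ts, can_id, _ in frames:
        if can_id in last:
            gaps[can_id].append(ts - last[can_id])
        last[can_id] = ts
    return {can_id: median(g) for can_id, g in gaps.items()}

def flag_injection(baseline_log, live_log, ratio=0.6):
    """IDs whose median period in live traffic dropped below ratio * baseline."""
    base, live = periods(parse(baseline_log)), periods(parse(live_log))
    return sorted(i for i, p in live.items() if i in base and p < ratio * base[i])

def make_log(can_id, start, period, count, data):
    """Build constructed sample lines in candump -l format."""
    return "\n".join(f"({start + k * period:.6f}) vcan0 {can_id}#{data}"
                     for k in range(count))

# Constructed sample traffic (IDs, payloads and timings are made up).
T0 = 1700000000.0
BASELINE = "\n".join([make_log("244", T0, 0.1, 20, "0000000000"),
                      make_log("19B", T0, 0.1, 20, "00000F000000")])
# Live capture: the legitimate sender keeps transmitting 244 while a replayed
# copy of old 244 frames arrives in between, so the ID shows up twice as often.
LIVE = "\n".join([make_log("244", T0 + 10, 0.1, 20, "0000000000"),
                  make_log("244", T0 + 10.03, 0.1, 20, "0000001A00"),
                  make_log("19B", T0 + 10, 0.1, 20, "00000F000000")])

if __name__ == "__main__":
    print(flag_injection(BASELINE, LIVE))
```

A timing check like this only catches replays that overlap with a live sender; it does not detect frames replayed onto an otherwise silent ID.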