Recent advancements in 3D printing/additive manufacturing have brought new interest in using the Controller Area Network (CAN) for multi-module, plug-and-play bus support in embedded systems. CAN systems provide a variety of benefits that can outweigh those of conventional wire-loom protocols in many categories. However, implementing CAN also introduces vulnerabilities that arise from its spoofable, destination-encoded shared communication bus. These vulnerabilities result in undetectable fault injection, packet manipulation, unauthorized packet logging/sniffing, and more. They also give attackers the ability to manipulate all sensor information and commands, and to create unsafe operating conditions, using only a single compromised node on the CAN network (bypassing all root-of-trust in the modules). Thus, malicious hardware requires only a connection to the bus for access to all traffic. In this paper, we discuss the effects of repurposed CAN-based attacks capable of manipulating sensor data, overriding systems, and injecting dangerous commands on the Controller Area Network using various entry methods. As a case study, we also show a spoofing attack on critical data modules within a commercial 3D printer.