What is Vehicle CAN bus and why do you need to care

Modern cars consist of a number of different computer components, called Electronic Control Units (ECUs). The network inside the car that allows ECUs to communicate with each other is called CAN (Controller Area Network). If this network is accessed remotely given the current flawed designs of these networks in-terms of security, the vehicle could be hacked.

Adam Ali - Digital Transformation Expert

. Adam Ali 🦋 . March 02, 2019
8 . 0

Overview

You probably heard about Autonomous Vehicles/Self-Driving Vehicles or Connected Vehicles. You might even be already driving one of those vehicles. While those vehicles promise huge benefits, in travel time, safety, entertainment and environment, there are key threats associated with them. Hacking (a third party taking control of the vehicle remotely) is the greatest threat associated with those vehicles. Hacked vehicles could cause significant harm to people and property. Just imagine a vehicle being hacked and redirected to stop in the middle of a level-crossing as a train approaches.

A connected vehicle is a vehicle that is connected to internet usually for the purpose of offering connected services like:

Remote Vehicle Diagnostics
Automatic Dealer Maintenance Notification
Automatic Crash Response
Stolen Vehicle Assistance
Fleet Management and Vehicle Telematics

For some of the services above to function, it require remote access to the vehicle CAN bus. If the vehicle is connected to internet and have the ability for its CAN bus to be accessed remotely, then the vehicle is likely to be hacked. The current vehicle network architecture has lots of flaws and a complete redesign of the vehicle CAN bus might be necessary with several security controls placed to minimise the risk of getting the vehicle hacked.

The big question here is, What is CAN bus?. A quick answer for that would be, it is the network inside a typical modern car where control commands for various components inside the vehicle travel.

Throughout this article, you would gain great deal of knowledge on the network inside a typical modern vehicle called Controller Area Network (CAN). To make things easy to understand, I would dive into details of one of the most retrofitted component inside that network which is the Head Unit/infotainment system. The Head Unit/Infotainment system is likely to be connected to internet for better entertainment and navigation experience. Also it is highly likely to be connected to the vehicle CAN bus. We will be using Evoque 2016 throughout this article as an example of a modern vehicle that has a CAN bus network.

Controller Area Network (CAN)

Modern cars consist of a number of different computer components, called Electronic Control Units (ECUs). A typical car contains from 20-100 ECUs, with each ECU being responsible for one or more particular features of the vehicle. For example, DCU (Door Control Unit) is the ECU that controls and monitors various accessories in the car door. Driver DCU offers features like automatic window movement, close-open door, mirror folding, child lock safety, and mirror adjustment.

Digital Transformation: Vehicle CAN Bus Security Risks

CAN bus is a set of 2 electrical wires (CAN_Low & CAN_High) in the car network where information can be sent to and from ECUs. The network inside the car that allows ECUs to communicate with each other is called CAN (Controller Area Network). In Evoque, the CAN network is divided into subnetworks connected together using a Gateway Module ECU. Every ECU with it's CAN controller and CAN Transceiver is called a node.

ECUs need to pass data to one another so they can make decisions on how to act. For example, If you open the door of your car, a message would be sent on the Comfort CAN to communicate that the car door is open. Then it would get picked up by AHU-Audio System ECU and get displayed on the Touch Screen. Another example, if reverse gear were to be selected:

A message would be sent on the CAN bus to tell any interested ECU that reverse gear is selected.
The message would be picked up by AHU-Audio ECU which would make the rear view camera displayed on the Touch Screen, overriding the currently displayed information.
The message would also be picked up by the ECU that controls the reverse light to set it on.

Some ECUs communicate with the outside world as well as the internal vehicle network. These ECUs pose the biggest security risk. I will dedicate Part II of this article to discuss the security risks as well as controls to mitigate these risks.

The ECU that we will detail in this article is the AHU-Audio System (Audio Head Unit) ECU. This is the ECU where the Evoque Touch Screen is plugged to.

AHU-Audio System ECU

AHU-Audio System ECU in that version of Evoque is manufactured by Harman Automotive (https://www.harman.com). The Audio Head Unit (AHU) is located below the front right seat (for RHD, it is under the driver seat).

AHU-Audio System ECU has the following features:

1	Integrated (inside AHU) 4 channel Audio Amplifier Module (AAM)
2	AM/FM Radio
3	External media player inputs (USB & Auxilary port)
4	Bluetooth Connectivity
5	Navigation system with Secure Digital (SD) memory card updates
6	Voice Recognition

AHU-Audio ECU has a Quadlock 40 Pin connector connected to several components inside the vehicle including speakers, microphone, Comfort CAN System Bus, Steering wheel controls, power & ground.

Audio signals originate from the AHU (Radio, Music, Navigation, Phone, etc.) are passed to the vehicle speakers via hardwired connections (40 pin connector as per the above diagram). Audio signals generated by other vehicle systems (e.g. Anti-theft Alarm System, Parking Sensors alerts) are passed to the AHU on the Medium Speed (MS) Controller Area Network (CAN) comfort systems bus. The AHU processes the signals and passes the audio output to the speakers.

Evoque Touch Screen

On the Touch Screen, there are multiple switches that controls multiple functions. All of the switches actions (on/off) are passed to AHU-Audio System ECU except the parking aid switch which is passed directly to the Parking Aid Control Module (PAM-Parking Aid ECU) to activate/deactivate parking sensors.

While this particular model of the car is not a connected one, it can become a connected one if you retrofit a new Head Unit capable of connecting to internet. You can have a look at my article here that details how to transform your non-connected car to a connected one.

OBDII Port

Vehicle CAN Bus Security Risks gathering in the Digital Age

OBD-II (On-board diagnostics II) port (refer to Controller Area Network Illustration in the previous section), is the vehicle self-diagnostic and reporting capability.

If you want to get more details about CAN and ECUs in your car, you need to get OBD2 Port tool. Gap Diagnostic tool is only suitable for Land Rover cars. If you don't have a Land Rover car, you can search on Amazon or eBay and you would find heaps of close or similar tools.

Conclusion & Takeaways

Notice of Non-Affiliation and Disclaimer: The author of the article is not affiliated, associated, authorized, endorsed by, or in any way officially connected with any of the product vendors (Landrover, Harman, Merryway, Gap Diagnostic) mentioned in this article, or any of its subsidiaries or its affiliates.

Vehicle CAN Bus
Controller Area Network
Evoque
Connected Vehicles
Head Unit
Land Rover
InControl Touch

Share article with others on your favourite social media network

About the Author

Adam Ali 🦋

Adam is an End-2-End Solution Architect & Digital Transformation (DX) Expert across several verticals. He has more than 17 years of experience in design, development, and integration of end-2-end robust solutions with particular attention to security (APIs & Apps), high performance, scalability and high availability.

All author posts