In the June issue of the CAN Newsletter magazine a mistake has slipped in.
Last week the June edition of the annual CAN Newsletter magazine went online. Unfortunately, in the second part of the CAN security article series, a mistake has crept in. The sentence “However, a hijacked device can still flood the network with allowed CAN messages and seriously limit the available bandwidth or perform a denial-of-service attack.” is wrong.
We now have corrected the description of NXP transceivers and their flooding protection. It must say: “In addition, the provided flooding protection limits the bandwidth produced by transmitting frames to a configurable value.”
You can download the new version here: 2/2018: Olaf Pfeiffer, Christian Keydel (EmSA) - Security expectations vs. limitations.
Of course, the full magazine includes the updated article now, too.