■■■■□ The Vehicle May Be Sick: Denial of Diagnostic Services by Exploiting the CAN Transport Protocol.
Hacking a Hyundai Elantra through the diagnostic protocol — and transferring a 4GB file over a CAN bus.
Security researchers Seungjin Baek, Seonghoon Jeong, and Huy Kang Kim published research focused on attacks against automotive diagnostic communication at the transport layer.
The paper outlines eight attack scenarios exploiting CAN transport protocol behavior, tested on a 2021 Hyundai Elantra CN7. Three attacks reportedly succeeded in real diagnostic environments and could potentially cause real-world impact.
One notable detail: a standard CAN frame carries only 8 bytes of data, but ISO-TP allows larger diagnostic messages to be fragmented and reassembled — enabling transfers theoretically up to 4GB over diagnostics.
Paper: “The Vehicle May Be Sick: Denial of Diagnostic Services by Exploiting the CAN Transport Protocol” [PDF]
https://arxiv.org/abs/2604.23617