This paper discusses the robustness of machine learning-based intrusion detection systems (IDSs) used in the Controller Area Networks context against adversarial samples, inputs crafted to deceive the system. We design a novel methodology to deploy evasion attacks and address the domain-specific challenges (i.e., the time-dependent nature of automotive networks) discussing the problem of performing online attacks. We evaluate the robustness of state-of-the-art IDSs on a real-world dataset by performing evasion attacks. We show that, depending on the targeted IDS and the degree of the attacker's knowledge, our approach achieves significantly different evasion rates.