Alexey Sintsov discusses security issues related to backdooring a car's head unit. He outlines potential reasons for deploying a backdoor like monetization, targeted attacks, or government/police surveillance. Sintsov then describes various methods for gaining unauthorized remote access to a car's systems through vulnerabilities in wireless components, software updates, and exploiting interfaces between modules. He warns that with connectivity increasing, threats like car-infecting worms may become possible if networks are not properly segmented and isolated. Throughout, Sintsov emphasizes the importance of securing vehicles to prevent unauthorized and potentially dangerous access or control.
2. # Why are we interested?
Let’s do it…
• Navigation for cars
• Maps
• REST API services
• Traffic
• POI
• Even road angle degree
• And more
• RDS traffic data supplier
• Embedded software
• Middleware
• UI Clients
• … and more
• 3D maps for self driving cars
3. # Why security?
???
• How can OUR software impact car security?
vs.
• How other components affect our security?
4. # Backdoor?
???
Backdoor – unauthorized remote access to car’s headunit or other components
It’s what you want to do after exploitation of any vulnerability…
5. # Backdoor for a car
• Find a reason why you need a backdoor
• Find a way to deploy a backdoor
• Find a way to get control
6. # Backdoor for a car
Reasons
• Monetization?
  • CC/Banking -- LOW
  • BT Mining -- LOW
  • Botnet -- LOW
  • Auto theft -- ???
• Targeted attack
  • Police/Gov -- HIGH (Legal Backdoor)
  • Spying -- ???
  • Killing (WTF?) -- ???
We do not know HOW to use it and WHY we need it
8. # Backdoor for a car
Reasons
Backdoor is unauthorized remote access to HeadUnit:
• You know where your target is
• You can control some elements:
  • Light
  • Radio
  • Door locks
  • Navigation routes
    • For self-driving cars…
  • Other – depends on internal network design
- ABS, Engine, etc Easy! Easy!
• CPU usage
• Privacy and valuable data
14. # Break in
Attack surface – I/O
• Wireless components and ECUs
  • Long Radio:
    • GSM/UMTS
    • Radio/RDS
    • GPS
  • Short Radio:
    • WiFi/Bluetooth
    • TPMS
    • Keyless lock/start
  • Radars/Sensors/Cameras
• HeadUnit
  • Software components
    • WEB Browser
    • MP3/etc
    • RDS
    • Applications/Connected Car services
    • etc
  • Service/diagnostic ports
  • Local I/O
    • CAN interfaces on HU
    • Ethernet
    • etc
• etc
Internet services security
Client-side security
… and even data/file format
Spoofing/injection/sniffing and fuzzing
Also for LPE
16. # Car Security is like…
… MOBILE + SMART GRID/SCADA security
… even with AppStore!
17. # Break in
Simple backdoor?
• Wireless components and ECUs
  • Long Radio:
    • GSM/UMTS
    • Radio/RDS
    • GPS
  • Short Radio:
    • WiFi/Bluetooth
    • TPMS
    • Keyless lock/start
  • Radars/Sensors/Cameras
• HeadUnit
  • Software components
    • WEB Browser
    • MP3/etc
    • RDS
    • Applications/Connected Car services
    • etc
  • Service/diagnostic ports
  • Local I/O
    • CAN interfaces on HU
    • Ethernet
    • etc
• etc
33. # Deploy a backdoor (as a binary)
Other vectors
• Vulnerabilities in software update mechanism
• Importing files from USB/SD
• Browser Client-Side RCE bugs
• RCE bugs in other components (RDS, etc.)
34. # Deploy a backdoor (as a binary)
Tasks
• Penetration vector
  • RCE bugs, etc.
• Find a RW place on the HU
  • Update services re-usage
  • Badly mounted memory
  • LPE bugs
• Find a way for auto-run
  • How to change cron (etc.) jobs?
  • DLL/SO Hijacking
• Find a way to connect to C&C via the Internet
  • Local VPN configs/keys
  • Route table
  • Proxy settings
41. # Car WORM??
Is it possible?
• All HU in one network segment? (Worm)
• If you hack the Internet Proxy? (Spreading)
• If you hack ConnectedCar API Server? (Spreading)
• Car2Car, wireless (Worm)
• Infected files for import? (File infection)
Ahh… Come on!
42. # LPE
Tasks
• Bugs in local service
  • From user to root
  • From HU to ECU
• Bugs in ECU
• Local services usage
  • ECU control normal usage – sending commands (like SomeIP)
43. # Hardening
Defense
• No RW places for backdoor
• Process list and config control and integrity
• Encrypted storage (key chains) *
• Local network segmentation
  • HU does not need access to some components
• Update mechanism/design for software (good example - BMW)
• 3rd party developers – need to know what they are doing *
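One way to audit the first two items on the Hardening slide (no writable place a backdoor could run from, and integrity control of autorun configs), as an added example that is not from the talk. It assumes a Linux-based head unit; the sample mount table, the watched paths and the reading of "no RW places" as "no mount that is both writable and executable" are assumptions of this example.

```python
import hashlib
from pathlib import Path

# Constructed sample in /proc/mounts format: device mountpoint fstype options dump pass
SAMPLE_MOUNTS = """\
/dev/mmcblk0p2 / ext4 ro,relatime 0 0
/dev/mmcblk0p5 /var/update ext4 rw,relatime 0 0
/dev/mmcblk0p6 /data ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sda1 /media/usb0 vfat rw,nosuid,nodev,noexec 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
"""

PSEUDO_FS = {"proc", "sysfs", "devpts", "cgroup2", "securityfs"}  # kernel views, not storage
HARDENING_OPTS = {"noexec", "nosuid", "nodev"}


def parse_mounts(text):
    """Parse /proc/mounts-style text into dicts; the kernel escapes spaces as \\040."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank or malformed line
        device, mountpoint, fstype, options = fields[:4]
        entries.append({
            "device": device,
            "mountpoint": mountpoint.replace("\\040", " "),
            "fstype": fstype,
            "options": set(options.split(",")),
        })
    return entries


def writable_exec_mounts(entries):
    """Return (mountpoint, missing options) for mounts that are writable AND executable."""
    findings = []
    for e in entries:
        if e["fstype"] in PSEUDO_FS:
            continue
        if "rw" in e["options"] and "noexec" not in e["options"]:
            findings.append((e["mountpoint"], sorted(HARDENING_OPTS - e["options"])))
    return findings


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root, rel_paths):
    """Record known-good hashes of autorun-relevant files (cron jobs, loader config)."""
    return {rel: sha256_file(Path(root) / rel) for rel in rel_paths}


def check_integrity(root, baseline, watch_dirs):
    """Report baseline files that changed or vanished, and new files in watched dirs."""
    root = Path(root)
    report = {"modified": [], "missing": [], "unexpected": []}
    for rel, known in baseline.items():
        path = root / rel
        if not path.is_file():
            report["missing"].append(rel)
        elif sha256_file(path) != known:
            report["modified"].append(rel)
    for rel_dir in watch_dirs:
        for path in (root / rel_dir).rglob("*"):
            rel = path.relative_to(root).as_posix()
            if path.is_file() and rel not in baseline:
                report["unexpected"].append(rel)
    return {key: sorted(values) for key, values in report.items()}


if __name__ == "__main__":
    for mountpoint, missing in writable_exec_mounts(parse_mounts(SAMPLE_MOUNTS)):
        print(f"writable and executable: {mountpoint} (add: {','.join(missing)})")
```

On a real unit the baseline should be built from the release image rather than from the running system, so that a change made before the first audit is not recorded as known-good.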
44. # Security market
Defense
• IPS for CAN
• Trusted and hardened HU/OS
• Encryption for CAN/ECU/internal traffic
• IPS for internal wireless/network
• moarrr …
• AV for car?
….
46. # Future
Targets for future research
• Remote exploits for Browser and car’s APPs
  • Including attacks on ConnectedCar design/implementation
  • …and Car2Car design and implementation… etc.
• Malware/Backdoor prototype and demo
• File infection and file format exploits (USB/SD card)
• Wireless radio exploits (short/long radio vectors)
• LPE exploits (from HU to ECU, from ECU to HU, from user to root)
• Self driving car spoofing and manipulation
  • Fake signs
  • Radar/LIDAR data spoofing
• All possible mixes 8)
And even more… it’s a BIG area and a lot of things can happen 8)