Remote hacking a car
Presentation by Oren Elimelech @ ICT 19th August 2015
Inspired by: Remote Exploitation of an Unaltered Passenger Vehicle, by: Dr. Charlie Miller & Chris Valasek - Black Hat USA Auigust 2015
Embitel has expertise in developing Android Infotainment Projects, embedded software/hardware developers and infotainment testing. As your infotainment solution partner, we provide end-to-end support throughout your product development roadmap – technology strategy, UX design, infotainment software and hardware development and support.
Automatic number plate recognition (ANPR) uses optical character recognition on images to read vehicle registration plates. It has seven elements: cameras, illumination, frame grabbers, computers, software, hardware, and databases. ANPR detects vehicles, captures plate images, and processes the images to recognize plates. It has advantages like improving safety and reducing crime. Applications include parking, access control, tolling, border control, and traffic monitoring.
This project is about tracking system that tracks vehicle using gps and gsm/gprs. Also, it displays information for user interface using web and mobile application.Beside that it displays information on lcd as a form of public notice board too.
This presentation talks about Software Defined Vehicles, Automotive Standards including Cyber Security and Safety, Agile Methods like SAFe/Less , Continuous Delivery best practices.
CAN (Controller Area Network) is a vehicle bus standard that allows microcontrollers and devices in a vehicle to communicate. It uses a multi-master serial bus topology and CSMA/CD with arbitration on message priority. CAN was introduced in 1986 and standardized in 1993. It supports data transmission rates up to 1Mbps over cables up to 40 meters long, connecting up to 2032 nodes. The document discusses the CAN standards, applications, layered structure, network components, frame types, and advantages/limitations.
All the images used in my presentation are belonging to their respective owners. I do not own any copyright.
-------------------------------------------------------------------------------------
>> One of the Best, Semester-3 M.Tech Academic Seminar Presentation on "Controller Area Network Bus" or CAN Protocol.
>> One of the Automotive based protocols from Robert Bosch
>> Comes under In-Vehicle Networking (IVN) Technology
>> Includes most of the theoretical concepts of CAN
IOT Based Smart Parking and Damage Detection Using RFIDMaheshMoses
The proposed Smart Parking framework comprises an IoT module that is utilized to screen and signalize the condition of accessibility of a single parking spot The damage detection of the car can be detected using a vibration sensor
Embitel has expertise in developing Android Infotainment Projects, embedded software/hardware developers and infotainment testing. As your infotainment solution partner, we provide end-to-end support throughout your product development roadmap – technology strategy, UX design, infotainment software and hardware development and support.
Automatic number plate recognition (ANPR) uses optical character recognition on images to read vehicle registration plates. It has seven elements: cameras, illumination, frame grabbers, computers, software, hardware, and databases. ANPR detects vehicles, captures plate images, and processes the images to recognize plates. It has advantages like improving safety and reducing crime. Applications include parking, access control, tolling, border control, and traffic monitoring.
This project is about tracking system that tracks vehicle using gps and gsm/gprs. Also, it displays information for user interface using web and mobile application.Beside that it displays information on lcd as a form of public notice board too.
This presentation talks about Software Defined Vehicles, Automotive Standards including Cyber Security and Safety, Agile Methods like SAFe/Less , Continuous Delivery best practices.
CAN (Controller Area Network) is a vehicle bus standard that allows microcontrollers and devices in a vehicle to communicate. It uses a multi-master serial bus topology and CSMA/CD with arbitration on message priority. CAN was introduced in 1986 and standardized in 1993. It supports data transmission rates up to 1Mbps over cables up to 40 meters long, connecting up to 2032 nodes. The document discusses the CAN standards, applications, layered structure, network components, frame types, and advantages/limitations.
All the images used in my presentation are belonging to their respective owners. I do not own any copyright.
-------------------------------------------------------------------------------------
>> One of the Best, Semester-3 M.Tech Academic Seminar Presentation on "Controller Area Network Bus" or CAN Protocol.
>> One of the Automotive based protocols from Robert Bosch
>> Comes under In-Vehicle Networking (IVN) Technology
>> Includes most of the theoretical concepts of CAN
IOT Based Smart Parking and Damage Detection Using RFIDMaheshMoses
The proposed Smart Parking framework comprises an IoT module that is utilized to screen and signalize the condition of accessibility of a single parking spot The damage detection of the car can be detected using a vibration sensor
'' Internet of Vehicles (IoV) ,,
IoV is basically INTERNET of VEHICLES, a strong network between vehicles and living.
IoT is a proposed development of the Internet in which everyday objects have network connectivity, allowing them to send and receive data.
The new era of the Internet of Things is driving the evolution of conventional Vehicle Ad-hoc Networks into the Internet of Vehicles (IoV).
Being in generation of Internet connectivity, there is a need to stay in safe and hassle free environment.
According to recent predictions, 25 billion “things” will be connected to the Internet by 2020, of which vehicles will constitute a significant portion.
Objectives
IoV – distributed transport fabric capable of making its own decisions about driving customers to their destinations
IoV should have communications, processing, storage, intelligence, learning and strong security capabilities .
To be integrated in IoT framework and smart cities technologies.
Extended business models and the range of applications ( including mediaoriented) current vehicular networks.
Types Of Communication IoV
The IoV includes mainly five types of vehicular communications
1.Vehicle-to-Vehicle (V2V).
2.Vehicle to-Roadside Unit (V2R).
3.Vehicle-to-Infrastructure of cellular networks (V2I) .
4.Vehicle-to-Personal devices (V2P)
5.Vehicle-to-Sensors (V2S).
Network elements of IoV
A network model of IoV is proposed based on the three network elements, including cloud, connection, and client. The benefits of the design and development of IoV are highlighted by performing a qualitative comparison between IoV and VANETs
I guess everyone have little knowledge about connected car technology as it has been newly introduced to auto industry. This presentation explains some common features of it i.e. Music app, Navigation, Automotive system diagnosis, Bluetooth, Road-side assistance, Hands-free control, Contextual help, Parking help, App manager, 4G Wi-Fi hotspot, ADAS etc. The most demanded features of connected car are the In-car safety features and vehicle-to-vehicle safety features. Check out for details.
which is used in automobiles which has speed up to 1mbs bits in a 40 meter length cable, it is implemented in where there is of multiple networks ,it has wide range of applications in automobile , in this ppt we show implimentation of can using xilinx
Connected & Autonomous vehicles: cybersecurity on a grand scale v1Bill Harpley
A presentation which was given at 'How the Internet of Things is Changing Cyber Security - an event organised by Optimise Hub (Portsmouth University) on January 26th 2017 at Havant.
- This talk describes the issues relating to cybersecurity of Connected Cars and Autonomous Vehicles. It begins with an introduction to technology and standards. It then looks at the key security challenges and asks how prepared we are to deal with the future risks.
- It is a perfect case study in the challenge of achieving cybersecurity on a massive scale.
This document discusses geographical routing protocols for vehicular ad hoc networks (VANETs). It provides an overview of VANET characteristics and challenges, including changing network topology due to node mobility. Several geographical routing protocols are described, including GPSR, GPSR-AGF, GPCR, A-STAR, GSR, GyTAR and LOUVRE. The document compares GPSR and GPCR, and discusses how protocols like A-STAR may be better suited for urban environments compared to GPSR. Simulation tools for evaluating VANET protocols are also covered, along with considerations for implementing geographical routing in Bangladesh.
CAN (Controller Area Network) Bus ProtocolAbhinaw Tiwari
The document discusses the CAN bus protocol. It provides an introduction that describes CAN as a multi-master, broadcasting, serial communication protocol for reliable data exchange between electronic control units. It then discusses CAN applications in automotive, industrial, medical and other fields. The document outlines CAN characteristics such as message prioritization, arbitration, data protection methods, and advantages like reliability and robustness in noisy environments. It concludes that CAN is well-suited for applications requiring many short messages with high reliability.
This document provides an overview of CAN BUS systems used in automotive applications. It discusses the requirements for CAN BUS, including the use of twisted pair cable and termination resistors. The document describes the CAN frame format, including the arbitration, control, data, and CRC fields. It explains the OSI layers for CAN, including the physical layer that transmits electrical signals and the data link layer that handles carrier sensing and collision avoidance. Advantages of CAN BUS are its support for multiple masters, reduced wiring complexity, error detection capabilities, and high speeds up to 1Mbps. CAN BUS is also compared to FlexRay, with CAN having lower cost but lower maximum speed.
Intelligent traffic information and control systemSADEED AMEEN
This document proposes an intelligent traffic information and control system that uses image processing and wireless communication to control traffic lights. A camera at intersections will capture images and detect vehicle presence to adjust light durations accordingly. An emergency vehicle clearance system will turn all lights green on its path. Zigbee modules allow wireless communication between an ambulance and traffic controller. Additionally, a traffic management system and chatbot provide traffic information to users. The system will use incremental development, initially controlling lights with Arduino then adding congestion control with image processing.
Connected Car Security Issues:
4 main components-
1- ECU (Electronic Control Unit)
2- CAN Bus (Control Area Network Bus)
3- OBD (Onboard Diagnostics)
4- Infotainment
The document discusses embedded systems in automobiles. It defines embedded systems and describes their characteristics. It then discusses several key automotive systems that use embedded technology like airbags, anti-lock braking systems (ABS), and event data recorders (EDRs). Airbags use sensors to detect crashes and actuators to deploy the airbags at varying levels depending on crash severity. ABS uses wheel speed sensors to detect lockup and controls braking pressure to prevent skidding. EDRs permanently record crash data to help with accident reconstruction. Embedded systems are critical components in modern automotive safety and electronic features.
CAN (Controller Area Network) is a standard bus system for connecting electronic control units within vehicles. It allows microcontrollers and devices to communicate with each other in applications without a host computer. CAN achieves data transfer rates of up to 1Mbps over distances of 40 meters and supports up to 2032 nodes. It uses a multi-master broadcast type of network with error detection capabilities and prioritizes messages based on identifiers. CAN was introduced in 1986 and standardized in 1993 for automotive applications due to its robustness, reliability and low cost.
The project is designed to develop a density based dynamic traffic signal system having remote override facilities. During normal time the signal timing changes automatically on sensing the traffic density at the junction but in the event of any emergency vehicle like ambulance, fire brigade etc. requiring priority are built in with RF remote control to override the set timing by providing instantaneous green signal in the desired direction while blocking the other lanes by red signal for some time. Traffic congestion is a severe problem in many major cities across the world thus it is felt imperative to provide such facilities to important vehicles.
Conventional traffic light system is based on fixed time concept allotted to each side of the junction which cannot be varied as per varying traffic density. Junction timings allotted are fixed. Sometimes higher traffic density at one side of the junction demands longer green time as compared to standard allotted time. The proposed system using a PIC microcontroller duly interfaced with sensors, changes the junction timing automatically to accommodate movement of vehicles smoothly avoiding unnecessary waiting time at the junction. The sensors used in this project are IR, are in line of sight configuration across the loads to detect the density at the traffic signal. The override feature is activated by an on board RF transmitter operated from the emergency vehicle.
This document discusses machine learning techniques for reconstructing radio maps in wireless networks. It addresses challenges like high mobility, noisy channels, and stringent 5G requirements. It proposes using adaptive learning to reconstruct pathloss, traffic, and load maps online from user measurements. Key ingredients discussed are sparse multi-kernel approaches for pathloss, Gaussian processes for traffic, and hybrid-driven methods for load estimation. The techniques can provide probabilistic bounds and optimize network configuration for energy efficiency.
This document describes an intelligent parking system called iPARK that uses IoT and AI technologies. iPARK aims to make parking more manageable by providing an available parking space list, automatically sensing vehicle movement, and allowing users to securely lock and unlock gates. It guides vehicles to the nearest available spot to reduce waiting times, fuel consumption, and carbon emissions. The system includes hardware components like Arduino Mega, Ethernet shield, LDR sensors and servo motors, along with software like PHP and MySQL. It uses techniques like registration, login, space selection, and gate locking/unlocking. Future work may include a distributed database to control spots nationwide, location-based parking searches, and automated payment services.
Understanding UNECE WP.29 regulations on cybersecurityDominik Strube
This document discusses how a Cyber Security Management System (CSMS) and Software Update Management System (SUMS) fit together for vehicle certification. A CSMS follows ISO/SAE 21434 and ensures cybersecurity is managed across a carmaker's lifecycle, while a SUMS follows ISO AWI 24089 and manages over-the-air software updates. Both the CSMS and SUMS must be certified by a third party and their certificates are valid for 3 years. Vehicle type approval requires presenting valid CSMS and SUMS certificates as well as system validation reports, with the third party certifying compliance with regulations like UNECE R155.
This document describes a project report submitted by two students for their bachelor's degree. It outlines the development of an alcohol detection system for vehicles using various hardware components like an alcohol sensor, microcontroller, LCD, buzzer, GSM module and motor. The system is intended to detect if a driver has consumed alcohol and prevent the vehicle from starting by activating the buzzer and taking control of the vehicle remotely through wireless communication.
This document describes an anti-theft security system developed for vehicles. The system uses an Arduino Mega microcontroller along with GSM and GPS modules to track stolen vehicles and send location updates to the owner via SMS. If an unauthorized key is inserted, the system will send an SMS alert to the owner with the vehicle's location. It also includes a password-protected emergency feature that allows limited movement of the vehicle. The goals of the system are to reduce vehicle theft rates, help recover stolen vehicles, and provide an inexpensive solution. The document reviews related work and provides details on the hardware components, operational flow, and prototype testing results. It concludes that the low-cost system can help deter theft and is a technological and
Federal Aviation Administration (FAA) is responsible for overseeing the US National Airspace System, which comprises ATC systems, procedures, facilities, and aircraft, and the people who operate them. FAA is implementing Next Generation Air Transportation System (NextGen) to move the current radar-based air-traffic control (ATC) system to one that is based on satellite navigation and automation. It is essential that FAA ensures effective information-security controls are incorporated in the design of NextGen programs to protect them from threats. This talk discusses the threats FAA faces and the cyber security controls adopted by FAA in implementation of these NextGen Air Transportation System.
Cyber security involves protecting computers, networks, programs and data from unauthorized access and cyber attacks. It includes communication security, network security and information security to safeguard organizational assets. Cyber crimes are illegal activities that use digital technologies and networks, and include hacking, data and system interference, fraud, and illegal device usage. Some early forms of cyber crime date back to the 1970s. Maintaining antivirus software, firewalls, backups and strong passwords can help protect against cyber threats while being mindful of privacy and security settings online. The document provides an overview of cyber security, cyber crimes, their history and basic safety recommendations.
'' Internet of Vehicles (IoV) ,,
IoV is basically INTERNET of VEHICLES, a strong network between vehicles and living.
IoT is a proposed development of the Internet in which everyday objects have network connectivity, allowing them to send and receive data.
The new era of the Internet of Things is driving the evolution of conventional Vehicle Ad-hoc Networks into the Internet of Vehicles (IoV).
Being in generation of Internet connectivity, there is a need to stay in safe and hassle free environment.
According to recent predictions, 25 billion “things” will be connected to the Internet by 2020, of which vehicles will constitute a significant portion.
Objectives
IoV – distributed transport fabric capable of making its own decisions about driving customers to their destinations
IoV should have communications, processing, storage, intelligence, learning and strong security capabilities .
To be integrated in IoT framework and smart cities technologies.
Extended business models and the range of applications ( including mediaoriented) current vehicular networks.
Types Of Communication IoV
The IoV includes mainly five types of vehicular communications
1.Vehicle-to-Vehicle (V2V).
2.Vehicle to-Roadside Unit (V2R).
3.Vehicle-to-Infrastructure of cellular networks (V2I) .
4.Vehicle-to-Personal devices (V2P)
5.Vehicle-to-Sensors (V2S).
Network elements of IoV
A network model of IoV is proposed based on the three network elements, including cloud, connection, and client. The benefits of the design and development of IoV are highlighted by performing a qualitative comparison between IoV and VANETs
I guess everyone have little knowledge about connected car technology as it has been newly introduced to auto industry. This presentation explains some common features of it i.e. Music app, Navigation, Automotive system diagnosis, Bluetooth, Road-side assistance, Hands-free control, Contextual help, Parking help, App manager, 4G Wi-Fi hotspot, ADAS etc. The most demanded features of connected car are the In-car safety features and vehicle-to-vehicle safety features. Check out for details.
which is used in automobiles which has speed up to 1mbs bits in a 40 meter length cable, it is implemented in where there is of multiple networks ,it has wide range of applications in automobile , in this ppt we show implimentation of can using xilinx
Connected & Autonomous vehicles: cybersecurity on a grand scale v1Bill Harpley
A presentation which was given at 'How the Internet of Things is Changing Cyber Security - an event organised by Optimise Hub (Portsmouth University) on January 26th 2017 at Havant.
- This talk describes the issues relating to cybersecurity of Connected Cars and Autonomous Vehicles. It begins with an introduction to technology and standards. It then looks at the key security challenges and asks how prepared we are to deal with the future risks.
- It is a perfect case study in the challenge of achieving cybersecurity on a massive scale.
This document discusses geographical routing protocols for vehicular ad hoc networks (VANETs). It provides an overview of VANET characteristics and challenges, including changing network topology due to node mobility. Several geographical routing protocols are described, including GPSR, GPSR-AGF, GPCR, A-STAR, GSR, GyTAR and LOUVRE. The document compares GPSR and GPCR, and discusses how protocols like A-STAR may be better suited for urban environments compared to GPSR. Simulation tools for evaluating VANET protocols are also covered, along with considerations for implementing geographical routing in Bangladesh.
CAN (Controller Area Network) Bus ProtocolAbhinaw Tiwari
The document discusses the CAN bus protocol. It provides an introduction that describes CAN as a multi-master, broadcasting, serial communication protocol for reliable data exchange between electronic control units. It then discusses CAN applications in automotive, industrial, medical and other fields. The document outlines CAN characteristics such as message prioritization, arbitration, data protection methods, and advantages like reliability and robustness in noisy environments. It concludes that CAN is well-suited for applications requiring many short messages with high reliability.
This document provides an overview of CAN BUS systems used in automotive applications. It discusses the requirements for CAN BUS, including the use of twisted pair cable and termination resistors. The document describes the CAN frame format, including the arbitration, control, data, and CRC fields. It explains the OSI layers for CAN, including the physical layer that transmits electrical signals and the data link layer that handles carrier sensing and collision avoidance. Advantages of CAN BUS are its support for multiple masters, reduced wiring complexity, error detection capabilities, and high speeds up to 1Mbps. CAN BUS is also compared to FlexRay, with CAN having lower cost but lower maximum speed.
Intelligent traffic information and control systemSADEED AMEEN
This document proposes an intelligent traffic information and control system that uses image processing and wireless communication to control traffic lights. A camera at intersections will capture images and detect vehicle presence to adjust light durations accordingly. An emergency vehicle clearance system will turn all lights green on its path. Zigbee modules allow wireless communication between an ambulance and traffic controller. Additionally, a traffic management system and chatbot provide traffic information to users. The system will use incremental development, initially controlling lights with Arduino then adding congestion control with image processing.
Connected Car Security Issues:
4 main components-
1- ECU (Electronic Control Unit)
2- CAN Bus (Control Area Network Bus)
3- OBD (Onboard Diagnostics)
4- Infotainment
The document discusses embedded systems in automobiles. It defines embedded systems and describes their characteristics. It then discusses several key automotive systems that use embedded technology like airbags, anti-lock braking systems (ABS), and event data recorders (EDRs). Airbags use sensors to detect crashes and actuators to deploy the airbags at varying levels depending on crash severity. ABS uses wheel speed sensors to detect lockup and controls braking pressure to prevent skidding. EDRs permanently record crash data to help with accident reconstruction. Embedded systems are critical components in modern automotive safety and electronic features.
CAN (Controller Area Network) is a standard bus system for connecting electronic control units within vehicles. It allows microcontrollers and devices to communicate with each other in applications without a host computer. CAN achieves data transfer rates of up to 1Mbps over distances of 40 meters and supports up to 2032 nodes. It uses a multi-master broadcast type of network with error detection capabilities and prioritizes messages based on identifiers. CAN was introduced in 1986 and standardized in 1993 for automotive applications due to its robustness, reliability and low cost.
The project is designed to develop a density based dynamic traffic signal system having remote override facilities. During normal time the signal timing changes automatically on sensing the traffic density at the junction but in the event of any emergency vehicle like ambulance, fire brigade etc. requiring priority are built in with RF remote control to override the set timing by providing instantaneous green signal in the desired direction while blocking the other lanes by red signal for some time. Traffic congestion is a severe problem in many major cities across the world thus it is felt imperative to provide such facilities to important vehicles.
Conventional traffic light system is based on fixed time concept allotted to each side of the junction which cannot be varied as per varying traffic density. Junction timings allotted are fixed. Sometimes higher traffic density at one side of the junction demands longer green time as compared to standard allotted time. The proposed system using a PIC microcontroller duly interfaced with sensors, changes the junction timing automatically to accommodate movement of vehicles smoothly avoiding unnecessary waiting time at the junction. The sensors used in this project are IR, are in line of sight configuration across the loads to detect the density at the traffic signal. The override feature is activated by an on board RF transmitter operated from the emergency vehicle.
This document discusses machine learning techniques for reconstructing radio maps in wireless networks. It addresses challenges like high mobility, noisy channels, and stringent 5G requirements. It proposes using adaptive learning to reconstruct pathloss, traffic, and load maps online from user measurements. Key ingredients discussed are sparse multi-kernel approaches for pathloss, Gaussian processes for traffic, and hybrid-driven methods for load estimation. The techniques can provide probabilistic bounds and optimize network configuration for energy efficiency.
This document describes an intelligent parking system called iPARK that uses IoT and AI technologies. iPARK aims to make parking more manageable by providing an available parking space list, automatically sensing vehicle movement, and allowing users to securely lock and unlock gates. It guides vehicles to the nearest available spot to reduce waiting times, fuel consumption, and carbon emissions. The system includes hardware components like Arduino Mega, Ethernet shield, LDR sensors and servo motors, along with software like PHP and MySQL. It uses techniques like registration, login, space selection, and gate locking/unlocking. Future work may include a distributed database to control spots nationwide, location-based parking searches, and automated payment services.
Understanding UNECE WP.29 regulations on cybersecurityDominik Strube
This document discusses how a Cyber Security Management System (CSMS) and Software Update Management System (SUMS) fit together for vehicle certification. A CSMS follows ISO/SAE 21434 and ensures cybersecurity is managed across a carmaker's lifecycle, while a SUMS follows ISO AWI 24089 and manages over-the-air software updates. Both the CSMS and SUMS must be certified by a third party and their certificates are valid for 3 years. Vehicle type approval requires presenting valid CSMS and SUMS certificates as well as system validation reports, with the third party certifying compliance with regulations like UNECE R155.
This document describes a project report submitted by two students for their bachelor's degree. It outlines the development of an alcohol detection system for vehicles using various hardware components like an alcohol sensor, microcontroller, LCD, buzzer, GSM module and motor. The system is intended to detect if a driver has consumed alcohol and prevent the vehicle from starting by activating the buzzer and taking control of the vehicle remotely through wireless communication.
This document describes an anti-theft security system developed for vehicles. The system uses an Arduino Mega microcontroller along with GSM and GPS modules to track stolen vehicles and send location updates to the owner via SMS. If an unauthorized key is inserted, the system will send an SMS alert to the owner with the vehicle's location. It also includes a password-protected emergency feature that allows limited movement of the vehicle. The goals of the system are to reduce vehicle theft rates, help recover stolen vehicles, and provide an inexpensive solution. The document reviews related work and provides details on the hardware components, operational flow, and prototype testing results. It concludes that the low-cost system can help deter theft and is a technological and
Federal Aviation Administration (FAA) is responsible for overseeing the US National Airspace System, which comprises ATC systems, procedures, facilities, and aircraft, and the people who operate them. FAA is implementing Next Generation Air Transportation System (NextGen) to move the current radar-based air-traffic control (ATC) system to one that is based on satellite navigation and automation. It is essential that FAA ensures effective information-security controls are incorporated in the design of NextGen programs to protect them from threats. This talk discusses the threats FAA faces and the cyber security controls adopted by FAA in implementation of these NextGen Air Transportation System.
Cyber security involves protecting computers, networks, programs and data from unauthorized access and cyber attacks. It includes communication security, network security and information security to safeguard organizational assets. Cyber crimes are illegal activities that use digital technologies and networks, and include hacking, data and system interference, fraud, and illegal device usage. Some early forms of cyber crime date back to the 1970s. Maintaining antivirus software, firewalls, backups and strong passwords can help protect against cyber threats while being mindful of privacy and security settings online. The document provides an overview of cyber security, cyber crimes, their history and basic safety recommendations.
Cyber Security in the market place: HP CTO DaySymantec
Cyber Security in the market place overview presented at HP CTO Day,covering: the current cyber-security threats to Enterprise Businesses and Government Departments, along with the board-level concerns and priorities for investment in systems and services to protect and secure their information.
The document discusses the business value drivers for Internet of Things (IoT) solutions. It notes that the number of connected devices is expected to grow dramatically in the next decade, with estimates ranging from 50 billion to 1 trillion devices by 2025. This growth of IoT has the potential to create $2.7-$6.2 trillion in annual economic impact by 2025. The document outlines examples of how various industries like retail, utilities, insurance and oil/gas are pursuing IoT initiatives to lower costs, improve customer service and gain operational efficiencies.
The document discusses cybersecurity risks in industrial control systems used in chemical plants. It begins with an introduction to industrial control systems and their components. It then outlines the stages of a potential cyber-physical attack against such a system - gaining initial access, discovering details of the physical process, gaining control of systems, causing damage through manipulation of the process, and covering tracks. Specific attack scenarios are described, such as using water hammer effects to damage pipes. The talk aims to illustrate vulnerabilities to help drive improvements in the security of industrial control systems.
Smart & Secure City Solutions by Rupinder SinghIPPAI
This document discusses Cisco's smart and secure city solutions for transforming government protection of people, property, and critical infrastructure. It describes setting up a central command center connected via an IP network to IP cameras, video analytics, and emergency communication systems at key points of interest around the city to enable central monitoring and intelligent incident detection. The goal is to provide intelligent traffic management, citizen and asset protection, and ensure public safety.
Cyber security for smart cities an architecture model for public transportAndrey Apuhtin
This document provides an overview of cyber security considerations for public transport systems in smart cities. It defines key stakeholders and interactions between public transport operators and other entities. The document presents an architecture model showing how these interactions mature as cities become smarter. It identifies cyber threats, including intentional attacks and accidents, and recommends good practices for public transport operators to enhance cyber security. These include supporting a harmonized security framework, increasing knowledge sharing and spending on security, and clearly defining security roles and responsibilities across stakeholders.
This presentation presentated by Mohd Shamir B Hasyim, Vice President Government and Multilateral Engagement, Cyber Security Malaysia, 10th September 2013 on #IISF2013
An Integrated Approach For Cyber Security And Critical Information Infrastructure Protection
Cybercrime involves using computers or the internet to commit crimes like identity theft, software piracy, or distributing viruses. The first recorded cybercrime took place in 1820. Computers can be the target of attacks or used as a weapon to enable real-world crimes. Common cyber attacks include financial fraud, network sabotage, proprietary information theft, and denial of service attacks. Cybersecurity aims to establish rules and measures to protect against internet attacks through tools like antivirus software, firewalls, and security updates.
Cybercrime involves using computers or the internet to steal identities or import illegal programs. The first recorded cybercrime took place in 1820. There are different types of cybercrimes such as hacking, denial of service attacks, computer viruses, and software piracy. Cybercrimes also include using computers to attack other systems, commit real-world crimes, or steal proprietary information. Common cyber attacks include financial fraud, sabotage of networks, theft of data, and unauthorized access. Internet security aims to establish rules to protect against such attacks by using antivirus software, firewalls, and updating security settings regularly.
Cyber crime involves unlawful activities using computers and the internet. The document categorizes cyber crimes as those using computers to attack other computers or as tools to enable real-world crimes. It provides examples of various cyber crimes like hacking, child pornography, viruses, and cyber terrorism. It stresses the importance of cyber security to defend against attacks through prevention, detection and response. The document advises safety tips like using antivirus software, firewalls, and strong passwords. India's cyber laws address both traditional crimes committed online and new crimes defined in the Information Technology Act.
This document discusses cybercrime and how to prevent becoming a victim. It begins by explaining why we should be aware of cybercrime given our increasing online activities. The objectives are then outlined as providing awareness of cybercrime, recognizing methods, understanding cyber laws, and learning to avoid victimization. Various types of cybercrime are defined including those against persons, property, and government. Examples like phishing, hacking, and cyber terrorism are described. The history of cybercrime in India involves many website hacks and defacements. Laws are still lacking to fully address cybercrime. Awareness, security software, and caution are recommended for protection.
This document discusses cyber security and the need for it. It begins by defining cyber security as the security offered through online services to protect information. It then discusses how security threats are increasing as more people go online. The document covers the meaning of the term "cyber," major security problems like viruses and hackers, and ways to implement and maintain cyber security, such as using strong passwords and firewalls. It concludes by emphasizing that cyber security is everyone's responsibility.
Cyber crime is a growing problem in India. Some common cyber crimes reported in India include phishing, hacking of government websites, and identity theft. India ranks 11th globally for reported cyber crimes, which are increasing due to factors like rapid growth of internet users. Common cyber crimes involve unauthorized access to systems, data theft and alteration, and using computers to enable other illicit activities. While laws like the IT Act 2000 have been enacted to tackle cyber crimes, enforcement remains a challenge as only a small percentage of crimes are reported. Techniques like antivirus software, firewalls, and educating users can help address the problem.
This document provides an overview of cyber crime and security. It defines cyber crime as illegal activity committed on the internet, such as stealing data or importing malware. The document then covers the history and evolution of cyber threats. It categorizes cyber crimes as those using the computer as a target or weapon. Specific types of cyber crimes discussed include hacking, denial of service attacks, virus dissemination, computer vandalism, cyber terrorism, and software piracy. The document concludes by emphasizing the importance of cyber security.
This document discusses intelligent transportation systems (ITS), which use advanced technologies to improve transportation efficiency and safety. ITS aims to minimize traffic problems and enhance commuter safety, comfort and travel time. Key ITS technologies discussed include wireless communication, computational technologies, floating car data, sensing technologies, and collision avoidance systems. Functional areas of ITS covered are electronic toll collection, emergency notification, congestion pricing, road enforcement, traveler information services and emergency management. Benefits of ITS include time savings, improved safety, reduced crashes and costs, increased satisfaction and environmental benefits.
The document provides an overview of inter-vehicle communication (IVC), which allows vehicles to communicate with each other to exchange information. It discusses key topics such as the components that enable smart vehicles, the radio bands used to facilitate communication, parameters collected from vehicles, open problems in the field, advantages and disadvantages of IVC, and applications. The conclusion states that IVC protocols have potential to greatly enhance vehicle safety, communication, and convenience but security and privacy are important challenges as vehicles become more connected.
Intelligent Transportation System (ITS) is the modern technique implemented in many developed countries and is under implementation in developing countries like india.This presentation gives a brief idea about ITS.
The document discusses how Internet of Things (IoT) technologies are being implemented throughout airports to improve operations and the traveler experience. From parking lots to terminals to planes, networked systems track baggage, provide flight information, enable mobile check-in, and more. However, airports also present connectivity challenges due to unique space constraints, mixed user networks, and electromagnetic interference. Effective airport network design requires coordination, virtualization, and standards to address these challenges and support growing data needs.
Current state of automotive network securityFFRI, Inc.
Many electronic devices have been used by automobiles.These devices are connected each other and communicate to control automobile. Recent years, automotive network has been connected to smartphones and the internet. It makes new threats turn up. This slides summarizes how automotive network security have been and what is expected as incoming threats.
An OSGi based HMI for networked vehicles - Miguel García Longarón, TIDmfrancis
This document discusses the vision for networked vehicles and the need for an OSGi-based human-machine interface (HMI). Tomorrow's vehicles will be networked and able to communicate with each other and infrastructure for safety and infotainment services. An on-board communication gateway will select the best network. A standard HMI is key to realizing this vision and maximizing safety benefits. The HMI must adapt to the driver and select appropriate information to present. OSGi technology provides a modular way to build such a dynamic HMI system. The document also describes Telefonica's demonstration platform for an in-vehicle service platform and communications system based on OSGi.
types of modern technologies used in transportation, uses of modern technology in transportation ,Introduction
Why ITS?
Application of ITS
Implementation of ITS
Benefits of ITS
Demerits of ITS
This document provides an overview of Vehicular Ad-Hoc Networks (VANETs). It discusses how VANETs allow vehicle-to-vehicle and vehicle-to-infrastructure communication using technologies like Dedicated Short Range Communication. It describes the challenges of VANETs including routing delays and security issues. Finally, it outlines some of the safety, convenience and commercial applications that are possible with VANETs such as improved traffic management and navigation services.
The CVIS Project aims to create a wireless network between vehicles and infrastructure to increase efficiency and safety. It has over 200 partners across Europe working on applications like traffic control, management, and monitoring. The CVIS architecture is based on OSGi and defines services for communication, security, device access, location, and more to enable applications to share traffic information. This creates an open platform for cooperative intelligent transport systems using both vehicle-to-vehicle and vehicle-to-infrastructure communication.
DefCamp 2013 - In vehicle CAN network securityDefCamp
This document provides an overview of in-vehicle networks and hacking vehicle networks. It discusses how Controller Area Networks (CAN) are commonly used to allow electronic control units to communicate by broadcasting messages over a bus. The author then describes their own attempts to connect to a Volkswagen Passat's CAN bus, identify messages, spoof commands, and flood the network. They were able to control door locks and windows. The document concludes that vehicle network security relies mainly on obscurity and that authentication and encryption are needed to properly secure in-vehicle communication.
Disaggregation, automation and autonomy in optical networkingADVA
At this year's NYSERNet conference, Niall Robinson discussed the latest breakthroughs and field trials on the path to optical network automation and disaggregation.
This document provides an overview of intelligent transportation systems (ITS). It discusses ITS technologies like wireless communications, sensors for vehicle detection, and video detection. It also outlines ITS applications such as electronic toll collection using FASTags, variable message signs, automatic road enforcement with cameras, and collision avoidance systems. The benefits of ITS are described as time savings, improved safety, reduced crashes and costs. Potential challenges are also noted around integration and high equipment/maintenance expenses.
China rail high speed wireless internet serviceJen-chih Liu
SoMAX provides wireless internet on China's high-speed rail system (CRH) using an intelligent mesh network technology. It extends China's influence by demonstrating its technological capabilities while also being more cost-effective than traditional cellular networks. SoMAX creates a self-forming mesh between access points on trains and along tracks to provide continuous high-speed connectivity even at speeds up to 400 km/hr. The system has applications for train operations, environmental monitoring, and surveillance that require reliable connectivity.
Feasible car cyber defense - ESCAR 2010Iddan Halevy
The document discusses cybersecurity threats to modern connected cars and proposes solutions. It notes that cars now contain dozens of computers connected by network segments, and protocols like CAN bus were not designed with security in mind. Hackers have shown they can disable functions, access personal data, or gain vehicle control. The proposed solution is a standalone CAN bus firewall device that acts as a filter between network segments using authentication, whitelisting, and rate limiting to block attacks and intrusions. This low-cost hardware approach aims to bolster vehicle security without requiring redesign of existing vehicle software or networks.
CANSPY: A platform for auditing CAN devicesPriyanka Aash
"In the past few years, several tools have been released allowing hobbyists to connect to CAN buses found in cars. This is welcomed as the CAN protocol is becoming the backbone for embedded computers found in smartcars. Its use is now even spreading outside the car through the OBD-II connector: usage-based policies from insurance companies, air-pollution control from law enforcement or engine diagnostics from smartphones for instance. Nonetheless, these tools will do no more than what professional tools from automobile manufacturers can do. In fact, they will do less as they do not have knowledge of upper-layer protocols.
Security auditors are used to dealing with this kind of situation: they reverse-engineer protocols before implementing them on top of their tool of choice. However, to be efficient at this, they need more than just being able to listen to or interact with what they are auditing. Precisely, they need to be able to intercept communications and block them, forward them or modify them on the fly. This is why, for example, a platform such as Burp Suite is popular when it comes to auditing web applications.
In this talk, we present CANSPY, a platform giving security auditors such capabilities when auditing CAN devices. Not only can it block, forward or modify CAN frames on the fly, it can do so autonomously with a set of rules or interactively using Ethernet and a packet manipulation framework such as Scapy. It is also worth noting that it was designed to be cheap and easy to build as it is mostly made of inexpensive COTS. Last but not least, we demonstrate its versatility by turning around a security issue usually considered when it comes to cars: instead of auditing an electronic control unit (ECU) through the OBD-II connector, we are going to partially emulate ECUs in order to audit a device that connects to this very connector."
(Source: Black Hat USA 2016, Las Vegas)
Drive-by-wire technology replaces traditional mechanical systems with electronic systems controlled by electronic control units (ECUs). ECUs consist of microcontrollers, sensors, power switches, drivers, and voltage regulators. They connect sensors and actuators to a central ECU. Modern cars contain up to 100 ECUs communicating over automotive bus protocols like CAN, LIN, and FlexRay. This allows for advanced driver assistance systems like anti-lock braking systems and electronic stability control.
This document discusses connected car security threats and potential mitigation strategies. It provides an overview of hacks that have targeted connected vehicle systems. It also summarizes the SPY Car Act legislation which aims to establish cybersecurity and privacy standards for connected vehicles. Finally, it discusses some strategies for securing connected vehicle systems, such as implementing vehicle system security, vulnerability testing, data security, and attack mitigation capabilities.
Early Builders' Roundtable APCO 2013 Conference 08-20-13Bill Schrier
Four early builders of LTE Public Safety wireless broadband networks share their lessons learned at the APCO 2013 Conference in Anaheim. Chuck Robinson of Charlotte, Barry Fraser of Bay-RICS, Todd Early of Texas and Vicki Helfrich of Mississippi are presenters. Moderated by Bill Schrier
What Could Be Behind Your Mercedes Sprinter's Power Loss on Uphill RoadsSprinter Gurus
Unlock the secrets behind your Mercedes Sprinter's uphill power loss with our comprehensive presentation. From fuel filter blockages to turbocharger troubles, we uncover the culprits and empower you to reclaim your vehicle's peak performance. Conquer every ascent with confidence and ensure a thrilling journey every time.
Welcome to ASP Cranes, your trusted partner for crane solutions in Raipur, Chhattisgarh! With years of experience and a commitment to excellence, we offer a comprehensive range of crane services tailored to meet your lifting and material handling needs.
At ASP Cranes, we understand the importance of reliable and efficient crane operations in various industries, from construction and manufacturing to logistics and infrastructure development. That's why we strive to deliver top-notch solutions that enhance productivity, safety, and cost-effectiveness for our clients.
Our services include:
Crane Rental: Whether you need a crawler crane for heavy lifting or a hydraulic crane for versatile operations, we have a diverse fleet of well-maintained cranes available for rent. Our rental options are flexible and can be customized to suit your project requirements.
Crane Sales: Looking to invest in a crane for your business? We offer a wide selection of new and used cranes from leading manufacturers, ensuring you find the perfect equipment to match your needs and budget.
Crane Maintenance and Repair: To ensure optimal performance and safety, regular maintenance and timely repairs are essential for cranes. Our team of skilled technicians provides comprehensive maintenance and repair services to keep your equipment running smoothly and minimize downtime.
Crane Operator Training: Proper training is crucial for safe and efficient crane operation. We offer specialized training programs conducted by certified instructors to equip operators with the skills and knowledge they need to handle cranes effectively.
Custom Solutions: We understand that every project is unique, which is why we offer custom crane solutions tailored to your specific requirements. Whether you need modifications, attachments, or specialized equipment, we can design and implement solutions that meet your needs.
At ASP Cranes, customer satisfaction is our top priority. We are dedicated to delivering reliable, cost-effective, and innovative crane solutions that exceed expectations. Contact us today to learn more about our services and how we can support your project in Raipur, Chhattisgarh, and beyond. Let ASP Cranes be your trusted partner for all your crane needs!
The Octavia range embodies the design trend of the Škoda brand: a fusion of
aesthetics, safety and practicality. Whether you see the car as a whole or step
closer and explore its unique features, the Octavia range radiates with the
harmony of functionality and emotion
Ever been troubled by the blinking sign and didn’t know what to do?
Here’s a handy guide to dashboard symbols so that you’ll never be confused again!
Save them for later and save the trouble!
Implementing ELDs or Electronic Logging Devices is slowly but surely becoming the norm in fleet management. Why? Well, integrating ELDs and associated connected vehicle solutions like fleet tracking devices lets businesses and their in-house fleet managers reap several benefits. Check out the post below to learn more.
Fleet management these days is next to impossible without connected vehicle solutions. Why? Well, fleet trackers and accompanying connected vehicle management solutions tend to offer quite a few hard-to-ignore benefits to fleet managers and businesses alike. Let’s check them out!
3. • Transportation Cyber Security
• Aviation Attacks
• Public Transport Attack
• Remote Exploitation of a Vehicle and other vegetables
• Q & A
Todays Agenda:
4
4. • The transportations segment includes many area:
• Mass land transportation – Trains, Busses, Trucks etc.
• Aviation transport – Planes, Airports among others.
• Naval transport – Ships, harbors, nav. system etc.
• Traffic & Transit control – signal control, warning lights,
road crossing illumination, tunnels and many more
• Vehicle – CAN bus, ECM, ECU, connected vehicles
• Most of the systems used are SCADA systems
• They are used for: power control, emergency
ventilation control, alarms, indicators, sensors,
fire/intrusion detection, control/signaling, AVL,
access control etc.
Transportation Cyber Security
5
5. • Most of the those system are vulnerable to cyber
attacks since most are not totally disconnected
• Some are prone to physical access or even Radio
data link or Cellular (Watch Tower, Black Box etc)
• Maintenance, firmware and software upgrades
• And the list gets even longer
• Manifestation Impact – a vulnerability cascading
effect reaching other systems & services
• One must ensure the Confidentiality (not
necessarily security classified information), the
Availability and the Integrity of information in ICT
systems
Areas of Compromise
6
6. • Expanding the scope from focusing only on
external hostile threats to miscellaneous general
external and internal threats – caused deliberately
and accidently, technical failures and natural
disasters
• For instance: Avionics control system failure in UK
following a software upgrade
• Strong emphasis on supposedly peripheral
systems that are not defined as critical national
infrastructures
• For instance: LOT airline company cyber attack
My Work Objectives & Tasks
7
8. • On June 21st operations were disrupted at
Warsaw Chopin Airport by what LOT Polish
Airlines said was a cyberattack on flight-planning
computers. 10 LOT flights were canceled and
some 15 others were grounded for several hours,
affecting roughly 1,400 passengers
LOT Airline Cyber Attack
9
9. • U.S. aviation regulators and industry officials have begun developing
comprehensive cybersecurity protections for aircraft, seeking to cover
everything from the largest commercial jetliners to small private planes
LOT Airline Cyber Attack
10
10. • On July 8th 2015 – United Airlines issued a
statement saying it suffered from “a network
connectivity issue” – effecting 4,900 flights were
impacted by the problem worldwide
United Airline vulnerabilities
11
11. • On July 15th 2015 – United Airlines gave 1 million
miles bug bounty to a security researcher after
finding Remote-execute, XSS and CSRF bug in
the Airline mobile-app & website enabling private
information disclosure and exploits
United Airline vulnerabilities
12
12. • On August 17th 2015 – United Airlines frequent
Flyer App was hacked revealing passengers
private information – Yosi Dahan (whitehat hacker)
United Airline vulnerabilities
13
14. Once in the
system, they
disconnected
signal control
boxes at four
intersections and
locked out
anyone else from
being able to fix
the problem
"So for four days
in this major city,
the traffic lights
would just blink
and go from color
to color"
A large US city
locked in labor
negotiations with
union employees was
hit by two employees
who helped build the
traffic control system
for the organization
in protest of the
proceedings. Even
though the city had
pre-emptively
disabled union
employee access to
systems due to
concerns of potential
sabotage, these two
insiders managed to
gain control of the
system due to a
supervisor previously
sharing his
credentials.
Dawn Cappelli,
principal engineer
at CERT
Insiders using authorized access
18
16. • Two researchers from US:
• Charlie Miller
• Chris Valasek
• Work diligently since 2010 on DARPA funding
• VIDEO DEMO
Hacking Chrysler Jeep Remotely
17
17. • Controller Area Network (CAN)
• Developed by Bosch 1983-86 for automobile in-
vehicle network
• Multi-drop, Multi-master serial bus providing
communication between controllers, sensor and
actuators
• Highly reliable and robust, well proven technology
• Inexpensive
• First car BMW series 8 - 1988
• 100% car since 2008 user CAN bus
CAN Bus Quick Intro
18
18. • Until CAN Bus – vehicles contained enormous
amounts of wiring that was necessary to
interconnect all the various electronic components
CAN Bus Quick Intro
19
19. • CAN Bus reduced wiring in over 2km and weight
of over 50kg
CAN Bus Quick Intro
20
20. • International Standard ISO 11898
• ISO 11898-2 High speed application –1 Mbps
• ISO 11898-3 Low speed application –125 Kbps
• CAN id being used widely in other applications:
• Automotive
• Military vehicles
• Industrial machinery
• Medical systems
• Agricultural machinery
• Marine control and navigation
• Elevator control systems
CAN Bus Quick Intro
21
21. • Network Layered Model
CAN Bus – based on OSI model
22
Partially implemented by higher-
level CAN protocols like
CANopen, CANaerospace,
MilCAN, SAE J1939, ISO 1132
and others
Standard CAN implementation
defines most of the lowest two
layers (physical details often
specified by higher-layer
protocol)
Bypass used without
higher-layer protocols
User Interface
22. • All messages are broadcast
• Any node is allowed to broadcast a message
• Each message contains an ID that identifies the
source or content of a message
• Each receiver decides to process or ignore each
message
• Single twisted pair wire terminated on each end
CAN Bus Characteristics
23
24. • Oscilloscope – Signal levels (Differential signaling)
CAN Bus Characteristics
25
CAN H
CAN L
25. • Oscilloscope – Signal levels (Differential signaling)
CAN Bus Characteristics
26
Recessive 0 Dominant 0 Recessive 1
26. • Data Frame
• Used to transmit data
• Remote Frame
• Used to request data transmission
• Error Frame
• Sent by a node that detects an error
• Overload Frame
• Sent by a node to request a delay in transmission
CAN Bus Network Frames
27
27. • Multiple operation sensors
• Alarms & Alerts can be disabled and even used…
CAN Bus Vehicle Platform
28
28. • CAN Bus can be used to access other vehicle
systems
CAN Bus & Other Vehicle Platforms
29
30. • The Jeep Cherokee was chosen due to the fact
that the head unit (Radio) is connected to both
CAN buses
Chrysler Jeep 2014
31
31. • Adaptive Cruise Control (ACC)
• assists the driver in keeping the proper distance between
themselves and cars ahead of them
• Forward Collision Warning Plus (FCW+)
• prevents the Jeep from colliding with objects in front of it
Cyber Physical Features
32
32. • Lane Departure Warning (LDW+)
• examines the lines on the road (i.e. paint) to detects the Jeep is
leaving the current lane, it will adjust the steering wheel to keep
the vehicle in the current lane
Cyber Physical Features
33
33. • Park Assist System (PAM)
• Permits the driver to effortlessly park the car without much driver
interaction in various scenarios, such as parallel parking, backing
into a space, etc.
• The PAM technology played a key role in the hack
• Enabling to use this PAM to steer an automobile at high speed
with CAN messages alone
Cyber Physical Features
34
34. • Other vulnerable systems
• Tire Pressure Monitoring System (TPMS)
• Passive Anti-Theft System (PATS)
• Bluetooth
• Radio Data System
• WiFi
• GPS
• HVAC (Heating and Air Conditioning)
• Display
• Knobs
Cyber Physical Features
35
35. • Every piece of technology that interacts with the
outside world is a potential entry point
Remote Attack Surface
36
36. • Many modern automobiles contain a cellular radio,
generically referred to as a telematics system,
used to connect the vehicle to a cellular network,
for example GM’s OnStar. The cellular technology
can also be used to retrieve data, such as traffic
or weather information
• This is the holy grail of automotive attacks (Long
Cellular cover)
• On the Jeep, all of these features are controlled
by the Radio, which resides on both the CAN-IHS
bus and the CAN-C bus
Telematics / Internet / Apps
37
37. • The Uconnect system in the Jeep contains the
ability to communicate over cellular network using
a sierra wireless card for remote connectivity
Telematics / Internet / Apps
38
38. • The telematics, Internet, radio, and Apps are all
bundled into the Harman Uconnect system that
comes with the 2014 Jeep Cherokee
Infotainment
39
39. • The 2014 Jeep Cherokee uses the Uconnect
8.4AN/RA4 radio manufactured by Harman
Kardon with the majority of functionality is
physically located on a Texas Instruments OMAP-
DM3730 system on a chip which is common within
automotive systems
• The system uses LUA language:
a common powerful, fast, lightweight, embeddable
scripting language used in many systems
worldwide
Uconnect System
40
40. • As mentioned earlier, the Uconnect system has
the ability to interact with both the outside world,
via Wi-Fi, Cellular, and BT and with the CAN bus
• The processor responsible for interacting with the
Interior High Speed CAN (CAN-IHS) and the
primary CAN-C bus is a Renesas V850
CAN Connectivity
41
41. • To hack the V850 chip you need the right tools for
the job… Which cost the researchers over $6,700
plus having a $1800 per year Tech Authority
subscription for being able to buy and updates…
CAN Hacking & Connectivity
42
42. • Using the wiTECH tools you are able to see the
entire network of the vehicle
Chrysler Jeep
43
43. WiFi Open Ports
44
• Scanning the vehicle exposed WiFi ports reveals
many open ports
45. • With all of these services, there is a good chance
a vulnerability would be present that could allow
remote exploitation, port 6667 seems interesting
• This port is D-Bus over IP, which is essentially an
inter-process communication (IPC) and remote
procedure call (RPC) mechanism used for
communication between processes
WiFi Open Ports
46
No Password Needed!!!
46. • Using DFeet (wiTECH tool) to interact with the
D-Bus service on the Jeep for methods to start
‘com.harman.service.SoftwareUpdate’ service
D-Bus Software Update
47
47. • Inserting a USB with a valid ISO to the Uconnect
begins the updating process
Jailbreak Uconnect
48
48. • So a new compromised Firmware enables to
remotely control the vehicle.
• Even an unsigned firmware can be used to update
the system from the head unit
• The problem is that the system is only designed to
perform the upgrade from a USB
• This is a big complication for an attacker, since we
want to flash the V850 (OMAP chip) without a
USB stick…
Software Firmware Upgrade
49
49. • Port 6667 IRC, is bound to all interfaces, therefore
D-Bus communications can be performed against
the Jeep over the cellular network!
Cellular Exploitation – Remote Update
50
50. • Was used to enable the vehicle to connect to the
hacker – using a miniature cell tower (provided to
customers with bad reception in their residence).
The device can also be used to intercept cellular
traffic and modified to an attacker’s specifications
Femtocell
51
51. • Scanning port 6667 from a Sprint device on the IP
addresses 21.0.0.0/8 and 25.0.0.0/8. Anything
that responds is a vulnerable Uconnect system
Scanning for vulnerable vehicles
52
52. • The D-Bus service on port 6667 running on the
Uconnect system in susceptible to command
injection vulnerabilities
• Utilizing the ‘NavTrailService’ where code is
implemented in
‘/service/platform/nav/navTrailService.lua’
• Unbelievable the service includes ‘execute’
method which is designed to execute arbitrary
shell commands!!!
Gaining Code Execution
53
53. • Running arbitrary code on the head unit (OMAP
chip) within the Uconnect system enables running
various LUA scripts that can be used to affect the
vehicle
• This gives the hackers the possibility to remotely
control the 2014 Jeep Cherokee – even when a
person is inside the vehicle
Uconnect Attack Payloads
54
54. • Identify target
• Exploit the OMAP chip of the head unit
• Control the Uconnect System
• Flash the v850 with modified firmware remotely
• Perform cyber physical actions
Summary - The entire exploit chain
55