SlideShare a Scribd company logo

Cyber Security in Transportation

Oren Elimelech
Oren Elimelech

Remote hacking a car Presentation by Oren Elimelech @ ICT 19th August 2015 Inspired by: Remote Exploitation of an Unaltered Passenger Vehicle, by: Dr. Charlie Miller & Chris Valasek - Black Hat USA Auigust 2015

Automotive
1 of 58
Download to read offline
Lecturer: Oren Elimelech Ministry of Transport & Road Safety Cyber Security Adviser / SecuRegion CISO CISO, CISM, CISA, CISSP, VCP, MCSE, MCT, A+, CCIE, CCSA Cyber Security in Transportation 19th August 2015
Oren Elimelech Cyber Security, GRC, ITC, Forensics & Cloud Consultant • • • • • • • • • • • • ISC2• ISSA• ISACA • IARM• CSA• OWASP 2 Who are you?... About Myself
• Transportation Cyber Security • Aviation Attacks • Public Transport Attack • Remote Exploitation of a Vehicle and other vegetables • Q & A Todays Agenda: 4
• The transportations segment includes many area: • Mass land transportation – Trains, Busses, Trucks etc. • Aviation transport – Planes, Airports among others. • Naval transport – Ships, harbors, nav. system etc. • Traffic & Transit control – signal control, warning lights, road crossing illumination, tunnels and many more • Vehicle – CAN bus, ECM, ECU, connected vehicles • Most of the systems used are SCADA systems • They are used for: power control, emergency ventilation control, alarms, indicators, sensors, fire/intrusion detection, control/signaling, AVL, access control etc. Transportation Cyber Security 5
• Most of the those system are vulnerable to cyber attacks since most are not totally disconnected • Some are prone to physical access or even Radio data link or Cellular (Watch Tower, Black Box etc) • Maintenance, firmware and software upgrades • And the list gets even longer • Manifestation Impact – a vulnerability cascading effect reaching other systems & services • One must ensure the Confidentiality (not necessarily security classified information), the Availability and the Integrity of information in ICT systems Areas of Compromise 6
• Expanding the scope from focusing only on external hostile threats to miscellaneous general external and internal threats – caused deliberately and accidently, technical failures and natural disasters • For instance: Avionics control system failure in UK following a software upgrade • Strong emphasis on supposedly peripheral systems that are not defined as critical national infrastructures • For instance: LOT airline company cyber attack My Work Objectives & Tasks 7
Aviation Attacks 8
• On June 21st operations were disrupted at Warsaw Chopin Airport by what LOT Polish Airlines said was a cyberattack on flight-planning computers. 10 LOT flights were canceled and some 15 others were grounded for several hours, affecting roughly 1,400 passengers LOT Airline Cyber Attack 9
• U.S. aviation regulators and industry officials have begun developing comprehensive cybersecurity protections for aircraft, seeking to cover everything from the largest commercial jetliners to small private planes LOT Airline Cyber Attack 10
• On July 8th 2015 – United Airlines issued a statement saying it suffered from “a network connectivity issue” – effecting 4,900 flights were impacted by the problem worldwide United Airline vulnerabilities 11
• On July 15th 2015 – United Airlines gave 1 million miles bug bounty to a security researcher after finding Remote-execute, XSS and CSRF bug in the Airline mobile-app & website enabling private information disclosure and exploits United Airline vulnerabilities 12
• On August 17th 2015 – United Airlines frequent Flyer App was hacked revealing passengers private information – Yosi Dahan (whitehat hacker) United Airline vulnerabilities 13
Public Transport Attack 14
Once in the system, they disconnected signal control boxes at four intersections and locked out anyone else from being able to fix the problem "So for four days in this major city, the traffic lights would just blink and go from color to color" A large US city locked in labor negotiations with union employees was hit by two employees who helped build the traffic control system for the organization in protest of the proceedings. Even though the city had pre-emptively disabled union employee access to systems due to concerns of potential sabotage, these two insiders managed to gain control of the system due to a supervisor previously sharing his credentials. Dawn Cappelli, principal engineer at CERT Insiders using authorized access 18
Vehicle Attack 16
• Two researchers from US: • Charlie Miller • Chris Valasek • Work diligently since 2010 on DARPA funding • VIDEO DEMO Hacking Chrysler Jeep Remotely 17
• Controller Area Network (CAN) • Developed by Bosch 1983-86 for automobile in- vehicle network • Multi-drop, Multi-master serial bus providing communication between controllers, sensor and actuators • Highly reliable and robust, well proven technology • Inexpensive • First car BMW series 8 - 1988 • 100% car since 2008 user CAN bus CAN Bus Quick Intro 18
• Until CAN Bus – vehicles contained enormous amounts of wiring that was necessary to interconnect all the various electronic components CAN Bus Quick Intro 19
• CAN Bus reduced wiring in over 2km and weight of over 50kg CAN Bus Quick Intro 20
• International Standard ISO 11898 • ISO 11898-2 High speed application –1 Mbps • ISO 11898-3 Low speed application –125 Kbps • CAN id being used widely in other applications: • Automotive • Military vehicles • Industrial machinery • Medical systems • Agricultural machinery • Marine control and navigation • Elevator control systems CAN Bus Quick Intro 21
• Network Layered Model CAN Bus – based on OSI model 22 Partially implemented by higher- level CAN protocols like CANopen, CANaerospace, MilCAN, SAE J1939, ISO 1132 and others Standard CAN implementation defines most of the lowest two layers (physical details often specified by higher-layer protocol) Bypass used without higher-layer protocols User Interface
• All messages are broadcast • Any node is allowed to broadcast a message • Each message contains an ID that identifies the source or content of a message • Each receiver decides to process or ignore each message • Single twisted pair wire terminated on each end CAN Bus Characteristics 23
• Physical medium CAN Bus Characteristics 24
• Oscilloscope – Signal levels (Differential signaling) CAN Bus Characteristics 25 CAN H CAN L
• Oscilloscope – Signal levels (Differential signaling) CAN Bus Characteristics 26 Recessive 0 Dominant 0 Recessive 1
• Data Frame • Used to transmit data • Remote Frame • Used to request data transmission • Error Frame • Sent by a node that detects an error • Overload Frame • Sent by a node to request a delay in transmission CAN Bus Network Frames 27
• Multiple operation sensors • Alarms & Alerts can be disabled and even used… CAN Bus Vehicle Platform 28
• CAN Bus can be used to access other vehicle systems CAN Bus & Other Vehicle Platforms 29
Chrysler Jeep 2014 Remote Hacking 30
• The Jeep Cherokee was chosen due to the fact that the head unit (Radio) is connected to both CAN buses Chrysler Jeep 2014 31
• Adaptive Cruise Control (ACC) • assists the driver in keeping the proper distance between themselves and cars ahead of them • Forward Collision Warning Plus (FCW+) • prevents the Jeep from colliding with objects in front of it Cyber Physical Features 32
• Lane Departure Warning (LDW+) • examines the lines on the road (i.e. paint) to detects the Jeep is leaving the current lane, it will adjust the steering wheel to keep the vehicle in the current lane Cyber Physical Features 33
• Park Assist System (PAM) • Permits the driver to effortlessly park the car without much driver interaction in various scenarios, such as parallel parking, backing into a space, etc. • The PAM technology played a key role in the hack • Enabling to use this PAM to steer an automobile at high speed with CAN messages alone Cyber Physical Features 34
• Other vulnerable systems • Tire Pressure Monitoring System (TPMS) • Passive Anti-Theft System (PATS) • Bluetooth • Radio Data System • WiFi • GPS • HVAC (Heating and Air Conditioning) • Display • Knobs Cyber Physical Features 35
• Every piece of technology that interacts with the outside world is a potential entry point Remote Attack Surface 36
• Many modern automobiles contain a cellular radio, generically referred to as a telematics system, used to connect the vehicle to a cellular network, for example GM’s OnStar. The cellular technology can also be used to retrieve data, such as traffic or weather information • This is the holy grail of automotive attacks (Long Cellular cover) • On the Jeep, all of these features are controlled by the Radio, which resides on both the CAN-IHS bus and the CAN-C bus Telematics / Internet / Apps 37
• The Uconnect system in the Jeep contains the ability to communicate over cellular network using a sierra wireless card for remote connectivity Telematics / Internet / Apps 38
• The telematics, Internet, radio, and Apps are all bundled into the Harman Uconnect system that comes with the 2014 Jeep Cherokee Infotainment 39
• The 2014 Jeep Cherokee uses the Uconnect 8.4AN/RA4 radio manufactured by Harman Kardon with the majority of functionality is physically located on a Texas Instruments OMAP- DM3730 system on a chip which is common within automotive systems • The system uses LUA language: a common powerful, fast, lightweight, embeddable scripting language used in many systems worldwide Uconnect System 40
• As mentioned earlier, the Uconnect system has the ability to interact with both the outside world, via Wi-Fi, Cellular, and BT and with the CAN bus • The processor responsible for interacting with the Interior High Speed CAN (CAN-IHS) and the primary CAN-C bus is a Renesas V850 CAN Connectivity 41
• To hack the V850 chip you need the right tools for the job… Which cost the researchers over $6,700 plus having a $1800 per year Tech Authority subscription for being able to buy and updates… CAN Hacking & Connectivity 42
• Using the wiTECH tools you are able to see the entire network of the vehicle Chrysler Jeep 43
WiFi Open Ports 44 • Scanning the vehicle exposed WiFi ports reveals many open ports
WiFi Open Ports 45
• With all of these services, there is a good chance a vulnerability would be present that could allow remote exploitation, port 6667 seems interesting • This port is D-Bus over IP, which is essentially an inter-process communication (IPC) and remote procedure call (RPC) mechanism used for communication between processes WiFi Open Ports 46 No Password Needed!!!
• Using DFeet (wiTECH tool) to interact with the D-Bus service on the Jeep for methods to start ‘com.harman.service.SoftwareUpdate’ service D-Bus Software Update 47
• Inserting a USB with a valid ISO to the Uconnect begins the updating process Jailbreak Uconnect 48
• So a new compromised Firmware enables to remotely control the vehicle. • Even an unsigned firmware can be used to update the system from the head unit • The problem is that the system is only designed to perform the upgrade from a USB • This is a big complication for an attacker, since we want to flash the V850 (OMAP chip) without a USB stick…  Software Firmware Upgrade 49
• Port 6667 IRC, is bound to all interfaces, therefore D-Bus communications can be performed against the Jeep over the cellular network! Cellular Exploitation – Remote Update 50
• Was used to enable the vehicle to connect to the hacker – using a miniature cell tower (provided to customers with bad reception in their residence). The device can also be used to intercept cellular traffic and modified to an attacker’s specifications Femtocell 51
• Scanning port 6667 from a Sprint device on the IP addresses 21.0.0.0/8 and 25.0.0.0/8. Anything that responds is a vulnerable Uconnect system Scanning for vulnerable vehicles 52
• The D-Bus service on port 6667 running on the Uconnect system in susceptible to command injection vulnerabilities • Utilizing the ‘NavTrailService’ where code is implemented in ‘/service/platform/nav/navTrailService.lua’ • Unbelievable the service includes ‘execute’ method which is designed to execute arbitrary shell commands!!! Gaining Code Execution 53
• Running arbitrary code on the head unit (OMAP chip) within the Uconnect system enables running various LUA scripts that can be used to affect the vehicle • This gives the hackers the possibility to remotely control the 2014 Jeep Cherokee – even when a person is inside the vehicle Uconnect Attack Payloads 54
• Identify target • Exploit the OMAP chip of the head unit • Control the Uconnect System • Flash the v850 with modified firmware remotely • Perform cyber physical actions Summary - The entire exploit chain 55
•‫סמל‬‫תוצר‬-‫לדוגמא‬:19 •‫תוצר‬ ‫שם‬-‫לדוגמא‬:‫האודי‬ •‫דגם‬ ‫קוד‬-10 •‫תאור‬‫דגם‬-4LB0EL •‫המרכב‬-‫פנאי‬-‫שטח‬ •‫כינוי‬-Q7 •‫מנוע‬ ‫נפח‬-4163 •‫כולל‬ ‫משקל‬-3065 •‫גובה‬-173 •‫גימור‬ ‫רמת‬- •‫סוס‬ ‫כוחות‬-350 •‫דלתות‬ ‫מספר‬-5 •‫מזגן‬-‫יש‬ •‫אוויר‬ ‫כריות‬ ‫מספר‬-6 •‫מערכת‬ABS -‫יש‬ •‫אוטומטיים‬ ‫הילוכים‬-‫יש‬ •‫חלון‬‫בגאז‬- •‫שנה‬-2007 Free Data available in Israel from 2008 56 •‫קבוצת‬‫אגרה‬-7 •‫רישום‬ ‫הוראות‬-06-0526 •‫סה‬"‫רשומים‬ ‫כ‬-3 •‫פעילים‬ ‫רשומים‬-3 •‫הנעה‬-4X4 •‫כוח‬ ‫הגה‬-‫יש‬ •‫חשמל‬ ‫חלונות‬-4 •‫מגנזיום‬ ‫גלגלי‬-‫יש‬ •‫דלק‬ ‫סוג‬-‫בנזין‬ •‫ארגז‬- •‫יציבות‬ ‫בקרת‬-‫יש‬ •‫היברידי‬- •‫מושבים‬ ‫מספר‬-7 •‫גרירה‬ ‫כושר‬- •‫זיהום‬ ‫קבוצת‬- •‫תקינה‬- •‫בקרת‬‫מנתיב‬ ‫סטיה‬- •‫מלפנים‬ ‫מרחק‬ ‫ניטור‬- •‫מת‬ ‫בשטח‬ ‫זיהוי‬- •‫אדפטיבית‬ ‫שיוט‬ ‫בקרת‬- •‫זיהוי‬‫הולגי‬‫רגל‬- •‫לבלימה‬ ‫עזר‬ ‫מערכת‬- •‫מצלמת‬‫רוורס‬- •‫בצמיגים‬ ‫אוויר‬ ‫לחץ‬ ‫חיישני‬- •‫חגורות‬ ‫חיישני‬- •‫בטיחות‬ ‫ניקוד‬- •‫רמת‬‫איבזור‬‫בטיחותי‬- •‫אוטומטית‬ ‫תאורה‬- •‫באורות‬ ‫אוטומטית‬ ‫שליטה‬ ‫הגבוהים‬- •‫מסוכנת‬ ‫התקרבות‬ ‫מצב‬ ‫זיהוי‬- •‫תנועה‬ ‫תמרורי‬ ‫זיהוי‬-
-/briefings.html#remote15-www.blackhat.com/ushttps:// vehicle-passenger-unaltered-an-of-exploitation http://illmatics.com/Remote%20Car%20Hacking.pdf 57 Further Reading
Questions ? 58
Oren.Elimelech@gmail.com +972-505-375-385 59

Recommended

What is IVI (In Vehicle Infotainment)?
What is IVI (In Vehicle Infotainment)?What is IVI (In Vehicle Infotainment)?
What is IVI (In Vehicle Infotainment)?
Embitel Technologies (I) PVT LTD
 
automatic number plate recognition
automatic number plate recognitionautomatic number plate recognition
automatic number plate recognition
Sairam Taduvai
 
Vehicle tracking system using gps and gsm
Vehicle tracking system using gps and gsmVehicle tracking system using gps and gsm
Vehicle tracking system using gps and gsm
anita maharjan
 
Software defined vehicles,automotive standards (safety, security), agile cont...
Software defined vehicles,automotive standards (safety, security), agile cont...Software defined vehicles,automotive standards (safety, security), agile cont...
Software defined vehicles,automotive standards (safety, security), agile cont...
Dr. Anish Cheriyan (PhD)
 
Controller Area Network(CAN)
Controller Area Network(CAN)Controller Area Network(CAN)
Controller Area Network(CAN)
Ashutosh Bhardwaj
 
Controller Area Network (CAN) Protocol || Automotive Electronics || Hariharan K
Controller Area Network (CAN) Protocol || Automotive Electronics || Hariharan KController Area Network (CAN) Protocol || Automotive Electronics || Hariharan K
Controller Area Network (CAN) Protocol || Automotive Electronics || Hariharan K
Hariharan Krishnan
 
IOT Based Smart Parking and Damage Detection Using RFID
IOT Based Smart Parking and Damage Detection Using RFIDIOT Based Smart Parking and Damage Detection Using RFID
IOT Based Smart Parking and Damage Detection Using RFID
MaheshMoses
 
Speed detection-of-moving-vehicle-using-speed-cameras
Speed detection-of-moving-vehicle-using-speed-camerasSpeed detection-of-moving-vehicle-using-speed-cameras
Speed detection-of-moving-vehicle-using-speed-cameras
VIKAS SINGH BHADOURIA
 

Recommended

What is IVI (In Vehicle Infotainment)?
What is IVI (In Vehicle Infotainment)?What is IVI (In Vehicle Infotainment)?
What is IVI (In Vehicle Infotainment)?
Embitel Technologies (I) PVT LTD
 
automatic number plate recognition
automatic number plate recognitionautomatic number plate recognition
automatic number plate recognition
Sairam Taduvai
 
Vehicle tracking system using gps and gsm
Vehicle tracking system using gps and gsmVehicle tracking system using gps and gsm
Vehicle tracking system using gps and gsm
anita maharjan
 
Software defined vehicles,automotive standards (safety, security), agile cont...
Software defined vehicles,automotive standards (safety, security), agile cont...Software defined vehicles,automotive standards (safety, security), agile cont...
Software defined vehicles,automotive standards (safety, security), agile cont...
Dr. Anish Cheriyan (PhD)
 
Controller Area Network(CAN)
Controller Area Network(CAN)Controller Area Network(CAN)
Controller Area Network(CAN)
Ashutosh Bhardwaj
 
Controller Area Network (CAN) Protocol || Automotive Electronics || Hariharan K
Controller Area Network (CAN) Protocol || Automotive Electronics || Hariharan KController Area Network (CAN) Protocol || Automotive Electronics || Hariharan K
Controller Area Network (CAN) Protocol || Automotive Electronics || Hariharan K
Hariharan Krishnan
 
IOT Based Smart Parking and Damage Detection Using RFID
IOT Based Smart Parking and Damage Detection Using RFIDIOT Based Smart Parking and Damage Detection Using RFID
IOT Based Smart Parking and Damage Detection Using RFID
MaheshMoses
 
Speed detection-of-moving-vehicle-using-speed-cameras
Speed detection-of-moving-vehicle-using-speed-camerasSpeed detection-of-moving-vehicle-using-speed-cameras
Speed detection-of-moving-vehicle-using-speed-cameras
VIKAS SINGH BHADOURIA
 
Internet of Vehicles (IoV)
Internet of Vehicles (IoV)Internet of Vehicles (IoV)
Internet of Vehicles (IoV)
jangezkhan
 
Connected Car Technology
Connected Car TechnologyConnected Car Technology
Connected Car Technology
Pro Car Mechanics
 
Smart parking system using IOT
Smart parking system using IOTSmart parking system using IOT
Smart parking system using IOT
Udit Deo
 
Controller area network protocol
Controller area network protocolController area network protocol
Controller area network protocol
Sneha Nalla
 
Connected & Autonomous vehicles: cybersecurity on a grand scale v1
Connected & Autonomous vehicles: cybersecurity on a grand scale v1Connected & Autonomous vehicles: cybersecurity on a grand scale v1
Connected & Autonomous vehicles: cybersecurity on a grand scale v1
Bill Harpley
 
Vanet Presentation
Vanet PresentationVanet Presentation
Vanet Presentation
Sayed_Hossain
 
CAN (Controller Area Network) Bus Protocol
CAN (Controller Area Network) Bus ProtocolCAN (Controller Area Network) Bus Protocol
CAN (Controller Area Network) Bus Protocol
Abhinaw Tiwari
 
Controller area network (CAN bus) ppt
Controller area network (CAN bus) pptController area network (CAN bus) ppt
Controller area network (CAN bus) ppt
Raziuddin Khazi
 
Intelligent traffic information and control system
Intelligent traffic information and control systemIntelligent traffic information and control system
Intelligent traffic information and control system
SADEED AMEEN
 
Automotive Security (Connected Vehicle Security Issues)
Automotive Security (Connected Vehicle Security Issues)Automotive Security (Connected Vehicle Security Issues)
Automotive Security (Connected Vehicle Security Issues)
Priyanka Aash
 
Embedded Systems in Automobile
Embedded Systems in AutomobileEmbedded Systems in Automobile
Embedded Systems in Automobile
Abhishek Sutrave
 
Smart car parking system
Smart car parking systemSmart car parking system
Smart car parking system
Amit Shukla
 
CAN- controlled area network
CAN- controlled area networkCAN- controlled area network
CAN- controlled area network
Pantech ProLabs India Pvt Ltd
 
SMART TRAFFIC CONTROL
SMART TRAFFIC CONTROLSMART TRAFFIC CONTROL
SMART TRAFFIC CONTROL
thrishna Jayaraj
 
Machine learning for 5G and beyond
Machine learning for 5G and beyondMachine learning for 5G and beyond
Machine learning for 5G and beyond
ITU
 
iPARK: Intelligent Parking System based on IoT & AI
iPARK: Intelligent Parking System based on IoT & AIiPARK: Intelligent Parking System based on IoT & AI
iPARK: Intelligent Parking System based on IoT & AI
Mithileysh Sathiyanarayanan
 
Emerging Technology: Internet of Things
Emerging Technology: Internet of ThingsEmerging Technology: Internet of Things
Emerging Technology: Internet of Things
Bartosz Petryński
 
Understanding UNECE WP.29 regulations on cybersecurity
Understanding UNECE WP.29 regulations on cybersecurityUnderstanding UNECE WP.29 regulations on cybersecurity
Understanding UNECE WP.29 regulations on cybersecurity
Dominik Strube
 
8 sem final report print copy (1)
8 sem final report print copy (1)8 sem final report print copy (1)
8 sem final report print copy (1)
Jha Bhargav
 
Anti theft security system for vehicle
Anti theft security system for vehicleAnti theft security system for vehicle
Anti theft security system for vehicle
abhinandanyadavg
 
Cyber security in_next_gen_air_transportation_system_wo_video
Cyber security in_next_gen_air_transportation_system_wo_videoCyber security in_next_gen_air_transportation_system_wo_video
Cyber security in_next_gen_air_transportation_system_wo_video
OWASP Delhi
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentation
Bijay Bhandari
 

More Related Content

What's hot

Internet of Vehicles (IoV)
Internet of Vehicles (IoV)Internet of Vehicles (IoV)
Internet of Vehicles (IoV)
jangezkhan
 
Connected Car Technology
Connected Car TechnologyConnected Car Technology
Connected Car Technology
Pro Car Mechanics
 
Smart parking system using IOT
Smart parking system using IOTSmart parking system using IOT
Smart parking system using IOT
Udit Deo
 
Controller area network protocol
Controller area network protocolController area network protocol
Controller area network protocol
Sneha Nalla
 
Connected & Autonomous vehicles: cybersecurity on a grand scale v1
Connected & Autonomous vehicles: cybersecurity on a grand scale v1Connected & Autonomous vehicles: cybersecurity on a grand scale v1
Connected & Autonomous vehicles: cybersecurity on a grand scale v1
Bill Harpley
 
Vanet Presentation
Vanet PresentationVanet Presentation
Vanet Presentation
Sayed_Hossain
 
CAN (Controller Area Network) Bus Protocol
CAN (Controller Area Network) Bus ProtocolCAN (Controller Area Network) Bus Protocol
CAN (Controller Area Network) Bus Protocol
Abhinaw Tiwari
 
Controller area network (CAN bus) ppt
Controller area network (CAN bus) pptController area network (CAN bus) ppt
Controller area network (CAN bus) ppt
Raziuddin Khazi
 
Intelligent traffic information and control system
Intelligent traffic information and control systemIntelligent traffic information and control system
Intelligent traffic information and control system
SADEED AMEEN
 
Automotive Security (Connected Vehicle Security Issues)
Automotive Security (Connected Vehicle Security Issues)Automotive Security (Connected Vehicle Security Issues)
Automotive Security (Connected Vehicle Security Issues)
Priyanka Aash
 
Embedded Systems in Automobile
Embedded Systems in AutomobileEmbedded Systems in Automobile
Embedded Systems in Automobile
Abhishek Sutrave
 
Smart car parking system
Smart car parking systemSmart car parking system
Smart car parking system
Amit Shukla
 
CAN- controlled area network
CAN- controlled area networkCAN- controlled area network
CAN- controlled area network
Pantech ProLabs India Pvt Ltd
 
SMART TRAFFIC CONTROL
SMART TRAFFIC CONTROLSMART TRAFFIC CONTROL
SMART TRAFFIC CONTROL
thrishna Jayaraj
 
Machine learning for 5G and beyond
Machine learning for 5G and beyondMachine learning for 5G and beyond
Machine learning for 5G and beyond
ITU
 
iPARK: Intelligent Parking System based on IoT & AI
iPARK: Intelligent Parking System based on IoT & AIiPARK: Intelligent Parking System based on IoT & AI
iPARK: Intelligent Parking System based on IoT & AI
Mithileysh Sathiyanarayanan
 
Emerging Technology: Internet of Things
Emerging Technology: Internet of ThingsEmerging Technology: Internet of Things
Emerging Technology: Internet of Things
Bartosz Petryński
 
Understanding UNECE WP.29 regulations on cybersecurity
Understanding UNECE WP.29 regulations on cybersecurityUnderstanding UNECE WP.29 regulations on cybersecurity
Understanding UNECE WP.29 regulations on cybersecurity
Dominik Strube
 
8 sem final report print copy (1)
8 sem final report print copy (1)8 sem final report print copy (1)
8 sem final report print copy (1)
Jha Bhargav
 
Anti theft security system for vehicle
Anti theft security system for vehicleAnti theft security system for vehicle
Anti theft security system for vehicle
abhinandanyadavg
 

What's hot (20)

Internet of Vehicles (IoV)
Internet of Vehicles (IoV)Internet of Vehicles (IoV)
Internet of Vehicles (IoV)
 
Connected Car Technology
Connected Car TechnologyConnected Car Technology
Connected Car Technology
 
Smart parking system using IOT
Smart parking system using IOTSmart parking system using IOT
Smart parking system using IOT
 
Controller area network protocol
Controller area network protocolController area network protocol
Controller area network protocol
 
Connected & Autonomous vehicles: cybersecurity on a grand scale v1
Connected & Autonomous vehicles: cybersecurity on a grand scale v1Connected & Autonomous vehicles: cybersecurity on a grand scale v1
Connected & Autonomous vehicles: cybersecurity on a grand scale v1
 
Vanet Presentation
Vanet PresentationVanet Presentation
Vanet Presentation
 
CAN (Controller Area Network) Bus Protocol
CAN (Controller Area Network) Bus ProtocolCAN (Controller Area Network) Bus Protocol
CAN (Controller Area Network) Bus Protocol
 
Controller area network (CAN bus) ppt
Controller area network (CAN bus) pptController area network (CAN bus) ppt
Controller area network (CAN bus) ppt
 
Intelligent traffic information and control system
Intelligent traffic information and control systemIntelligent traffic information and control system
Intelligent traffic information and control system
 
Automotive Security (Connected Vehicle Security Issues)
Automotive Security (Connected Vehicle Security Issues)Automotive Security (Connected Vehicle Security Issues)
Automotive Security (Connected Vehicle Security Issues)
 
Embedded Systems in Automobile
Embedded Systems in AutomobileEmbedded Systems in Automobile
Embedded Systems in Automobile
 
Smart car parking system
Smart car parking systemSmart car parking system
Smart car parking system
 
CAN- controlled area network
CAN- controlled area networkCAN- controlled area network
CAN- controlled area network
 
SMART TRAFFIC CONTROL
SMART TRAFFIC CONTROLSMART TRAFFIC CONTROL
SMART TRAFFIC CONTROL
 
Machine learning for 5G and beyond
Machine learning for 5G and beyondMachine learning for 5G and beyond
Machine learning for 5G and beyond
 
iPARK: Intelligent Parking System based on IoT & AI
iPARK: Intelligent Parking System based on IoT & AIiPARK: Intelligent Parking System based on IoT & AI
iPARK: Intelligent Parking System based on IoT & AI
 
Emerging Technology: Internet of Things
Emerging Technology: Internet of ThingsEmerging Technology: Internet of Things
Emerging Technology: Internet of Things
 
Understanding UNECE WP.29 regulations on cybersecurity
Understanding UNECE WP.29 regulations on cybersecurityUnderstanding UNECE WP.29 regulations on cybersecurity
Understanding UNECE WP.29 regulations on cybersecurity
 
8 sem final report print copy (1)
8 sem final report print copy (1)8 sem final report print copy (1)
8 sem final report print copy (1)
 
Anti theft security system for vehicle
Anti theft security system for vehicleAnti theft security system for vehicle
Anti theft security system for vehicle
 

Viewers also liked

Cyber security in_next_gen_air_transportation_system_wo_video
Cyber security in_next_gen_air_transportation_system_wo_videoCyber security in_next_gen_air_transportation_system_wo_video
Cyber security in_next_gen_air_transportation_system_wo_video
OWASP Delhi
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentation
Bijay Bhandari
 
Cyber Security in Civil Aviation
Cyber Security in Civil AviationCyber Security in Civil Aviation
Cyber Security in Civil Aviation
Network Intelligence India
 
Cyber Security in the market place: HP CTO Day
Cyber Security in the market place: HP CTO DayCyber Security in the market place: HP CTO Day
Cyber Security in the market place: HP CTO Day
Symantec
 
Business Values for IoT Solutions
Business Values for IoT SolutionsBusiness Values for IoT Solutions
Business Values for IoT Solutions
IBM Analytics
 
Damn Vulnerable Chemical Process
Damn Vulnerable Chemical ProcessDamn Vulnerable Chemical Process
Damn Vulnerable Chemical Process
Positive Hack Days
 
Smart & Secure City Solutions by Rupinder Singh
Smart & Secure City Solutions by Rupinder SinghSmart & Secure City Solutions by Rupinder Singh
Smart & Secure City Solutions by Rupinder Singh
IPPAI
 
Cyber security for smart cities an architecture model for public transport
Cyber security for smart cities an architecture model for public transportCyber security for smart cities an architecture model for public transport
Cyber security for smart cities an architecture model for public transport
Andrey Apuhtin
 
Cyber security in smart cities
Cyber security in smart cities Cyber security in smart cities
Cyber security in smart cities
Aboul Ella Hassanien
 
Malaysia's National Cyber Security Policy
Malaysia's National Cyber Security PolicyMalaysia's National Cyber Security Policy
Malaysia's National Cyber Security Policy
Directorate of Information Security | Ditjen Aptika
 
CYBER CRIME AND SECURITY
CYBER CRIME AND SECURITYCYBER CRIME AND SECURITY
CYBER CRIME AND SECURITY
Sahil Vashishtha
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and Security
Dipesh Waghela
 
Cybercrime.ppt
Cybercrime.pptCybercrime.ppt
Cybercrime.ppt
Aeman Khan
 
Cyber-crime PPT
Cyber-crime PPTCyber-crime PPT
Cyber-crime PPT
Anshuman Tripathi
 
Cyber security
Cyber securityCyber security
Cyber security
Siblu28
 
Cyber crime ppt
Cyber crime pptCyber crime ppt
Cyber crime ppt
MOE515253
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security ppt
Lipsita Behera
 

Viewers also liked (17)

Cyber security in_next_gen_air_transportation_system_wo_video
Cyber security in_next_gen_air_transportation_system_wo_videoCyber security in_next_gen_air_transportation_system_wo_video
Cyber security in_next_gen_air_transportation_system_wo_video
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentation
 
Cyber Security in Civil Aviation
Cyber Security in Civil AviationCyber Security in Civil Aviation
Cyber Security in Civil Aviation
 
Cyber Security in the market place: HP CTO Day
Cyber Security in the market place: HP CTO DayCyber Security in the market place: HP CTO Day
Cyber Security in the market place: HP CTO Day
 
Business Values for IoT Solutions
Business Values for IoT SolutionsBusiness Values for IoT Solutions
Business Values for IoT Solutions
 
Damn Vulnerable Chemical Process
Damn Vulnerable Chemical ProcessDamn Vulnerable Chemical Process
Damn Vulnerable Chemical Process
 
Smart & Secure City Solutions by Rupinder Singh
Smart & Secure City Solutions by Rupinder SinghSmart & Secure City Solutions by Rupinder Singh
Smart & Secure City Solutions by Rupinder Singh
 
Cyber security for smart cities an architecture model for public transport
Cyber security for smart cities an architecture model for public transportCyber security for smart cities an architecture model for public transport
Cyber security for smart cities an architecture model for public transport
 
Cyber security in smart cities
Cyber security in smart cities Cyber security in smart cities
Cyber security in smart cities
 
Malaysia's National Cyber Security Policy
Malaysia's National Cyber Security PolicyMalaysia's National Cyber Security Policy
Malaysia's National Cyber Security Policy
 
CYBER CRIME AND SECURITY
CYBER CRIME AND SECURITYCYBER CRIME AND SECURITY
CYBER CRIME AND SECURITY
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and Security
 
Cybercrime.ppt
Cybercrime.pptCybercrime.ppt
Cybercrime.ppt
 
Cyber-crime PPT
Cyber-crime PPTCyber-crime PPT
Cyber-crime PPT
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber crime ppt
Cyber crime pptCyber crime ppt
Cyber crime ppt
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security ppt
 

Similar to Cyber Security in Transportation

Intelligent transportation system
Intelligent transportation systemIntelligent transportation system
Intelligent transportation system
KunalPolkundwar
 
IVC DOC-20230921-WA0004..pdf
IVC DOC-20230921-WA0004..pdfIVC DOC-20230921-WA0004..pdf
IVC DOC-20230921-WA0004..pdf
NanDhu551039
 
Intelligent transport system (ITS)
Intelligent transport system (ITS)Intelligent transport system (ITS)
Intelligent transport system (ITS)
Aravind Samala
 
IoT at Airports is Really Taking Off
IoT at Airports is Really Taking OffIoT at Airports is Really Taking Off
IoT at Airports is Really Taking Off
Daniel Pohnert, PE, RCDD, LEED AP BD&C
 
Current state of automotive network security
Current state of automotive network securityCurrent state of automotive network security
Current state of automotive network security
FFRI, Inc.
 
An OSGi based HMI for networked vehicles - Miguel García Longarón, TID
An OSGi based HMI for networked vehicles - Miguel García Longarón, TIDAn OSGi based HMI for networked vehicles - Miguel García Longarón, TID
An OSGi based HMI for networked vehicles - Miguel García Longarón, TID
mfrancis
 
Intelligent transport systems
Intelligent transport systemsIntelligent transport systems
Intelligent transport systems
Abhijit Pal
 
Vanet ppt
Vanet pptVanet ppt
Vanet ppt
Akash Raghunath
 
CVIS Project - Christer Larsson, Makewave
CVIS Project - Christer Larsson, MakewaveCVIS Project - Christer Larsson, Makewave
CVIS Project - Christer Larsson, Makewave
mfrancis
 
DefCamp 2013 - In vehicle CAN network security
DefCamp 2013 - In vehicle CAN network securityDefCamp 2013 - In vehicle CAN network security
DefCamp 2013 - In vehicle CAN network security
DefCamp
 
Disaggregation, automation and autonomy in optical networking
Disaggregation, automation and autonomy in optical networkingDisaggregation, automation and autonomy in optical networking
Disaggregation, automation and autonomy in optical networking
ADVA
 
final.pptx
final.pptxfinal.pptx
final.pptx
ChetanChauhan203001
 
Electronic toll system
Electronic toll systemElectronic toll system
Electronic toll system
Nishigandha Gawas
 
China rail high speed wireless internet service
China rail high speed wireless internet serviceChina rail high speed wireless internet service
China rail high speed wireless internet service
Jen-chih Liu
 
Solutions and Protocolos for Vehicles Accident Notifications Using IoT
Solutions and Protocolos for Vehicles Accident Notifications Using IoTSolutions and Protocolos for Vehicles Accident Notifications Using IoT
Solutions and Protocolos for Vehicles Accident Notifications Using IoT
Diego C. Zuñiga
 
Feasible car cyber defense - ESCAR 2010
Feasible car cyber defense - ESCAR 2010Feasible car cyber defense - ESCAR 2010
Feasible car cyber defense - ESCAR 2010
Iddan Halevy
 
CANSPY: A platform for auditing CAN devices
CANSPY: A platform for auditing CAN devicesCANSPY: A platform for auditing CAN devices
CANSPY: A platform for auditing CAN devices
Priyanka Aash
 
Embedded Systems in Automotive
Embedded Systems in Automotive Embedded Systems in Automotive
Embedded Systems in Automotive
محمدعبد الحى
 
Connected Car Security
Connected Car SecurityConnected Car Security
Connected Car Security
Suresh Mandava
 
Early Builders' Roundtable APCO 2013 Conference 08-20-13
Early Builders' Roundtable APCO 2013 Conference 08-20-13Early Builders' Roundtable APCO 2013 Conference 08-20-13
Early Builders' Roundtable APCO 2013 Conference 08-20-13
Bill Schrier
 

Similar to Cyber Security in Transportation (20)

Intelligent transportation system
Intelligent transportation systemIntelligent transportation system
Intelligent transportation system
 
IVC DOC-20230921-WA0004..pdf
IVC DOC-20230921-WA0004..pdfIVC DOC-20230921-WA0004..pdf
IVC DOC-20230921-WA0004..pdf
 
Intelligent transport system (ITS)
Intelligent transport system (ITS)Intelligent transport system (ITS)
Intelligent transport system (ITS)
 
IoT at Airports is Really Taking Off
IoT at Airports is Really Taking OffIoT at Airports is Really Taking Off
IoT at Airports is Really Taking Off
 
Current state of automotive network security
Current state of automotive network securityCurrent state of automotive network security
Current state of automotive network security
 
An OSGi based HMI for networked vehicles - Miguel García Longarón, TID
An OSGi based HMI for networked vehicles - Miguel García Longarón, TIDAn OSGi based HMI for networked vehicles - Miguel García Longarón, TID
An OSGi based HMI for networked vehicles - Miguel García Longarón, TID
 
Intelligent transport systems
Intelligent transport systemsIntelligent transport systems
Intelligent transport systems
 
Vanet ppt
Vanet pptVanet ppt
Vanet ppt
 
CVIS Project - Christer Larsson, Makewave
CVIS Project - Christer Larsson, MakewaveCVIS Project - Christer Larsson, Makewave
CVIS Project - Christer Larsson, Makewave
 
DefCamp 2013 - In vehicle CAN network security
DefCamp 2013 - In vehicle CAN network securityDefCamp 2013 - In vehicle CAN network security
DefCamp 2013 - In vehicle CAN network security
 
Disaggregation, automation and autonomy in optical networking
Disaggregation, automation and autonomy in optical networkingDisaggregation, automation and autonomy in optical networking
Disaggregation, automation and autonomy in optical networking
 
final.pptx
final.pptxfinal.pptx
final.pptx
 
Electronic toll system
Electronic toll systemElectronic toll system
Electronic toll system
 
China rail high speed wireless internet service
China rail high speed wireless internet serviceChina rail high speed wireless internet service
China rail high speed wireless internet service
 
Solutions and Protocolos for Vehicles Accident Notifications Using IoT
Solutions and Protocolos for Vehicles Accident Notifications Using IoTSolutions and Protocolos for Vehicles Accident Notifications Using IoT
Solutions and Protocolos for Vehicles Accident Notifications Using IoT
 
Feasible car cyber defense - ESCAR 2010
Feasible car cyber defense - ESCAR 2010Feasible car cyber defense - ESCAR 2010
Feasible car cyber defense - ESCAR 2010
 
CANSPY: A platform for auditing CAN devices
CANSPY: A platform for auditing CAN devicesCANSPY: A platform for auditing CAN devices
CANSPY: A platform for auditing CAN devices
 
Embedded Systems in Automotive
Embedded Systems in Automotive Embedded Systems in Automotive
Embedded Systems in Automotive
 
Connected Car Security
Connected Car SecurityConnected Car Security
Connected Car Security
 
Early Builders' Roundtable APCO 2013 Conference 08-20-13
Early Builders' Roundtable APCO 2013 Conference 08-20-13Early Builders' Roundtable APCO 2013 Conference 08-20-13
Early Builders' Roundtable APCO 2013 Conference 08-20-13
 

Recently uploaded

What Could Be Behind Your Mercedes Sprinter's Power Loss on Uphill Roads
What Could Be Behind Your Mercedes Sprinter's Power Loss on Uphill RoadsWhat Could Be Behind Your Mercedes Sprinter's Power Loss on Uphill Roads
What Could Be Behind Your Mercedes Sprinter's Power Loss on Uphill Roads
Sprinter Gurus
 
快速办理(napier毕业证书)英国龙比亚大学毕业证在读证明一模一样
快速办理(napier毕业证书)英国龙比亚大学毕业证在读证明一模一样快速办理(napier毕业证书)英国龙比亚大学毕业证在读证明一模一样
快速办理(napier毕业证书)英国龙比亚大学毕业证在读证明一模一样
78tq3hi2
 
new-HIFLY-TBR-catalogue size specification
new-HIFLY-TBR-catalogue size specificationnew-HIFLY-TBR-catalogue size specification
new-HIFLY-TBR-catalogue size specification
bosscmn
 
一比一原版(WashU文凭证书)圣路易斯华盛顿大学毕业证如何办理
一比一原版(WashU文凭证书)圣路易斯华盛顿大学毕业证如何办理一比一原版(WashU文凭证书)圣路易斯华盛顿大学毕业证如何办理
一比一原版(WashU文凭证书)圣路易斯华盛顿大学毕业证如何办理
afkxen
 
一比一原版(Columbia文凭证书)哥伦比亚大学毕业证如何办理
一比一原版(Columbia文凭证书)哥伦比亚大学毕业证如何办理一比一原版(Columbia文凭证书)哥伦比亚大学毕业证如何办理
一比一原版(Columbia文凭证书)哥伦比亚大学毕业证如何办理
afkxen
 
Manual despiece Yamaha fuera de borda pc_e40x_02.pdf
Manual despiece Yamaha fuera de borda pc_e40x_02.pdfManual despiece Yamaha fuera de borda pc_e40x_02.pdf
Manual despiece Yamaha fuera de borda pc_e40x_02.pdf
GermanValentini1
 
AadiShakti Projects ( Asp Cranes ) Raipur
AadiShakti Projects ( Asp Cranes ) RaipurAadiShakti Projects ( Asp Cranes ) Raipur
AadiShakti Projects ( Asp Cranes ) Raipur
AadiShakti Projects
 
Skoda Octavia Rs for Sale Perth | Skoda Perth
Skoda Octavia Rs for Sale Perth | Skoda PerthSkoda Octavia Rs for Sale Perth | Skoda Perth
Skoda Octavia Rs for Sale Perth | Skoda Perth
Perth City Skoda
 
What do the symbols on vehicle dashboard mean?
What do the symbols on vehicle dashboard mean?What do the symbols on vehicle dashboard mean?
What do the symbols on vehicle dashboard mean?
Hyundai Motor Group
 
TRAINEES-RECORD-BOOK- electronics and electrical
TRAINEES-RECORD-BOOK- electronics and electricalTRAINEES-RECORD-BOOK- electronics and electrical
TRAINEES-RECORD-BOOK- electronics and electrical
JohnCarloPajarilloKa
 
原版制作(Exeter毕业证书)埃克塞特大学毕业证完成信一模一样
原版制作(Exeter毕业证书)埃克塞特大学毕业证完成信一模一样原版制作(Exeter毕业证书)埃克塞特大学毕业证完成信一模一样
原版制作(Exeter毕业证书)埃克塞特大学毕业证完成信一模一样
78tq3hi2
 
一比一原版(UNITEC毕业证)UNITEC理工学院毕业证成绩单如何办理
一比一原版(UNITEC毕业证)UNITEC理工学院毕业证成绩单如何办理一比一原版(UNITEC毕业证)UNITEC理工学院毕业证成绩单如何办理
一比一原版(UNITEC毕业证)UNITEC理工学院毕业证成绩单如何办理
bouvoy
 
Globalfleet - global fleet survey 2021 full results
Globalfleet - global fleet survey 2021 full resultsGlobalfleet - global fleet survey 2021 full results
Globalfleet - global fleet survey 2021 full results
vaterland
 
一比一原版(AUT毕业证)奥克兰理工大学毕业证成绩单如何办理
一比一原版(AUT毕业证)奥克兰理工大学毕业证成绩单如何办理一比一原版(AUT毕业证)奥克兰理工大学毕业证成绩单如何办理
一比一原版(AUT毕业证)奥克兰理工大学毕业证成绩单如何办理
mymwpc
 
Here's Why Every Semi-Truck Should Have ELDs
Here's Why Every Semi-Truck Should Have ELDsHere's Why Every Semi-Truck Should Have ELDs
Here's Why Every Semi-Truck Should Have ELDs
jennifermiller8137
 
Digital Fleet Management - Why Your Business Need It?
Digital Fleet Management - Why Your Business Need It?Digital Fleet Management - Why Your Business Need It?
Digital Fleet Management - Why Your Business Need It?
jennifermiller8137
 
final-slide-deck-ACURE-AQ-December-1-webinar-2022.pdf
final-slide-deck-ACURE-AQ-December-1-webinar-2022.pdffinal-slide-deck-ACURE-AQ-December-1-webinar-2022.pdf
final-slide-deck-ACURE-AQ-December-1-webinar-2022.pdf
Ashfaq Ahmad
 
Hand Gesture Control Robotic Arm using image processing.pptx
Hand Gesture Control Robotic Arm using image processing.pptxHand Gesture Control Robotic Arm using image processing.pptx
Hand Gesture Control Robotic Arm using image processing.pptx
wstatus456
 
一比一原版(OP毕业证)奥塔哥理工学院毕业证成绩单如何办理
一比一原版(OP毕业证)奥塔哥理工学院毕业证成绩单如何办理一比一原版(OP毕业证)奥塔哥理工学院毕业证成绩单如何办理
一比一原版(OP毕业证)奥塔哥理工学院毕业证成绩单如何办理
mymwpc
 
Kaizen SMT_MI_PCBA for Quality Engineerspptx
Kaizen SMT_MI_PCBA for Quality EngineerspptxKaizen SMT_MI_PCBA for Quality Engineerspptx
Kaizen SMT_MI_PCBA for Quality Engineerspptx
vaibhavsrivastava482521
 

Recently uploaded (20)

What Could Be Behind Your Mercedes Sprinter's Power Loss on Uphill Roads
What Could Be Behind Your Mercedes Sprinter's Power Loss on Uphill RoadsWhat Could Be Behind Your Mercedes Sprinter's Power Loss on Uphill Roads
What Could Be Behind Your Mercedes Sprinter's Power Loss on Uphill Roads
 
快速办理(napier毕业证书)英国龙比亚大学毕业证在读证明一模一样
快速办理(napier毕业证书)英国龙比亚大学毕业证在读证明一模一样快速办理(napier毕业证书)英国龙比亚大学毕业证在读证明一模一样
快速办理(napier毕业证书)英国龙比亚大学毕业证在读证明一模一样
 
new-HIFLY-TBR-catalogue size specification
new-HIFLY-TBR-catalogue size specificationnew-HIFLY-TBR-catalogue size specification
new-HIFLY-TBR-catalogue size specification
 
一比一原版(WashU文凭证书)圣路易斯华盛顿大学毕业证如何办理
一比一原版(WashU文凭证书)圣路易斯华盛顿大学毕业证如何办理一比一原版(WashU文凭证书)圣路易斯华盛顿大学毕业证如何办理
一比一原版(WashU文凭证书)圣路易斯华盛顿大学毕业证如何办理
 
一比一原版(Columbia文凭证书)哥伦比亚大学毕业证如何办理
一比一原版(Columbia文凭证书)哥伦比亚大学毕业证如何办理一比一原版(Columbia文凭证书)哥伦比亚大学毕业证如何办理
一比一原版(Columbia文凭证书)哥伦比亚大学毕业证如何办理
 
Manual despiece Yamaha fuera de borda pc_e40x_02.pdf
Manual despiece Yamaha fuera de borda pc_e40x_02.pdfManual despiece Yamaha fuera de borda pc_e40x_02.pdf
Manual despiece Yamaha fuera de borda pc_e40x_02.pdf
 
AadiShakti Projects ( Asp Cranes ) Raipur
AadiShakti Projects ( Asp Cranes ) RaipurAadiShakti Projects ( Asp Cranes ) Raipur
AadiShakti Projects ( Asp Cranes ) Raipur
 
Skoda Octavia Rs for Sale Perth | Skoda Perth
Skoda Octavia Rs for Sale Perth | Skoda PerthSkoda Octavia Rs for Sale Perth | Skoda Perth
Skoda Octavia Rs for Sale Perth | Skoda Perth
 
What do the symbols on vehicle dashboard mean?
What do the symbols on vehicle dashboard mean?What do the symbols on vehicle dashboard mean?
What do the symbols on vehicle dashboard mean?
 
TRAINEES-RECORD-BOOK- electronics and electrical
TRAINEES-RECORD-BOOK- electronics and electricalTRAINEES-RECORD-BOOK- electronics and electrical
TRAINEES-RECORD-BOOK- electronics and electrical
 
原版制作(Exeter毕业证书)埃克塞特大学毕业证完成信一模一样
原版制作(Exeter毕业证书)埃克塞特大学毕业证完成信一模一样原版制作(Exeter毕业证书)埃克塞特大学毕业证完成信一模一样
原版制作(Exeter毕业证书)埃克塞特大学毕业证完成信一模一样
 
一比一原版(UNITEC毕业证)UNITEC理工学院毕业证成绩单如何办理
一比一原版(UNITEC毕业证)UNITEC理工学院毕业证成绩单如何办理一比一原版(UNITEC毕业证)UNITEC理工学院毕业证成绩单如何办理
一比一原版(UNITEC毕业证)UNITEC理工学院毕业证成绩单如何办理
 
Globalfleet - global fleet survey 2021 full results
Globalfleet - global fleet survey 2021 full resultsGlobalfleet - global fleet survey 2021 full results
Globalfleet - global fleet survey 2021 full results
 
一比一原版(AUT毕业证)奥克兰理工大学毕业证成绩单如何办理
一比一原版(AUT毕业证)奥克兰理工大学毕业证成绩单如何办理一比一原版(AUT毕业证)奥克兰理工大学毕业证成绩单如何办理
一比一原版(AUT毕业证)奥克兰理工大学毕业证成绩单如何办理
 
Here's Why Every Semi-Truck Should Have ELDs
Here's Why Every Semi-Truck Should Have ELDsHere's Why Every Semi-Truck Should Have ELDs
Here's Why Every Semi-Truck Should Have ELDs
 
Digital Fleet Management - Why Your Business Need It?
Digital Fleet Management - Why Your Business Need It?Digital Fleet Management - Why Your Business Need It?
Digital Fleet Management - Why Your Business Need It?
 
final-slide-deck-ACURE-AQ-December-1-webinar-2022.pdf
final-slide-deck-ACURE-AQ-December-1-webinar-2022.pdffinal-slide-deck-ACURE-AQ-December-1-webinar-2022.pdf
final-slide-deck-ACURE-AQ-December-1-webinar-2022.pdf
 
Hand Gesture Control Robotic Arm using image processing.pptx
Hand Gesture Control Robotic Arm using image processing.pptxHand Gesture Control Robotic Arm using image processing.pptx
Hand Gesture Control Robotic Arm using image processing.pptx
 
一比一原版(OP毕业证)奥塔哥理工学院毕业证成绩单如何办理
一比一原版(OP毕业证)奥塔哥理工学院毕业证成绩单如何办理一比一原版(OP毕业证)奥塔哥理工学院毕业证成绩单如何办理
一比一原版(OP毕业证)奥塔哥理工学院毕业证成绩单如何办理
 
Kaizen SMT_MI_PCBA for Quality Engineerspptx
Kaizen SMT_MI_PCBA for Quality EngineerspptxKaizen SMT_MI_PCBA for Quality Engineerspptx
Kaizen SMT_MI_PCBA for Quality Engineerspptx
 

Cyber Security in Transportation

  • 1. Lecturer: Oren Elimelech Ministry of Transport & Road Safety Cyber Security Adviser / SecuRegion CISO CISO, CISM, CISA, CISSP, VCP, MCSE, MCT, A+, CCIE, CCSA Cyber Security in Transportation 19th August 2015
  • 2. Oren Elimelech Cyber Security, GRC, ITC, Forensics & Cloud Consultant • • • • • • • • • • • • ISC2• ISSA• ISACA • IARM• CSA• OWASP 2 Who are you?... About Myself
  • 3. • Transportation Cyber Security • Aviation Attacks • Public Transport Attack • Remote Exploitation of a Vehicle and other vegetables • Q & A Todays Agenda: 4
  • 4. • The transportations segment includes many area: • Mass land transportation – Trains, Busses, Trucks etc. • Aviation transport – Planes, Airports among others. • Naval transport – Ships, harbors, nav. system etc. • Traffic & Transit control – signal control, warning lights, road crossing illumination, tunnels and many more • Vehicle – CAN bus, ECM, ECU, connected vehicles • Most of the systems used are SCADA systems • They are used for: power control, emergency ventilation control, alarms, indicators, sensors, fire/intrusion detection, control/signaling, AVL, access control etc. Transportation Cyber Security 5
  • 5. • Most of the those system are vulnerable to cyber attacks since most are not totally disconnected • Some are prone to physical access or even Radio data link or Cellular (Watch Tower, Black Box etc) • Maintenance, firmware and software upgrades • And the list gets even longer • Manifestation Impact – a vulnerability cascading effect reaching other systems & services • One must ensure the Confidentiality (not necessarily security classified information), the Availability and the Integrity of information in ICT systems Areas of Compromise 6
  • 6. • Expanding the scope from focusing only on external hostile threats to miscellaneous general external and internal threats – caused deliberately and accidently, technical failures and natural disasters • For instance: Avionics control system failure in UK following a software upgrade • Strong emphasis on supposedly peripheral systems that are not defined as critical national infrastructures • For instance: LOT airline company cyber attack My Work Objectives & Tasks 7
  • 8. • On June 21st operations were disrupted at Warsaw Chopin Airport by what LOT Polish Airlines said was a cyberattack on flight-planning computers. 10 LOT flights were canceled and some 15 others were grounded for several hours, affecting roughly 1,400 passengers LOT Airline Cyber Attack 9
  • 9. • U.S. aviation regulators and industry officials have begun developing comprehensive cybersecurity protections for aircraft, seeking to cover everything from the largest commercial jetliners to small private planes LOT Airline Cyber Attack 10
  • 10. • On July 8th 2015 – United Airlines issued a statement saying it suffered from “a network connectivity issue” – effecting 4,900 flights were impacted by the problem worldwide United Airline vulnerabilities 11
  • 11. • On July 15th 2015 – United Airlines gave 1 million miles bug bounty to a security researcher after finding Remote-execute, XSS and CSRF bug in the Airline mobile-app & website enabling private information disclosure and exploits United Airline vulnerabilities 12
  • 12. • On August 17th 2015 – United Airlines frequent Flyer App was hacked revealing passengers private information – Yosi Dahan (whitehat hacker) United Airline vulnerabilities 13
  • 14. Once in the system, they disconnected signal control boxes at four intersections and locked out anyone else from being able to fix the problem "So for four days in this major city, the traffic lights would just blink and go from color to color" A large US city locked in labor negotiations with union employees was hit by two employees who helped build the traffic control system for the organization in protest of the proceedings. Even though the city had pre-emptively disabled union employee access to systems due to concerns of potential sabotage, these two insiders managed to gain control of the system due to a supervisor previously sharing his credentials. Dawn Cappelli, principal engineer at CERT Insiders using authorized access 18
  • 16. • Two researchers from US: • Charlie Miller • Chris Valasek • Work diligently since 2010 on DARPA funding • VIDEO DEMO Hacking Chrysler Jeep Remotely 17
  • 17. • Controller Area Network (CAN) • Developed by Bosch 1983-86 for automobile in- vehicle network • Multi-drop, Multi-master serial bus providing communication between controllers, sensor and actuators • Highly reliable and robust, well proven technology • Inexpensive • First car BMW series 8 - 1988 • 100% car since 2008 user CAN bus CAN Bus Quick Intro 18
  • 18. • Until CAN Bus – vehicles contained enormous amounts of wiring that was necessary to interconnect all the various electronic components CAN Bus Quick Intro 19
  • 19. • CAN Bus reduced wiring in over 2km and weight of over 50kg CAN Bus Quick Intro 20
  • 20. • International Standard ISO 11898 • ISO 11898-2 High speed application –1 Mbps • ISO 11898-3 Low speed application –125 Kbps • CAN id being used widely in other applications: • Automotive • Military vehicles • Industrial machinery • Medical systems • Agricultural machinery • Marine control and navigation • Elevator control systems CAN Bus Quick Intro 21
  • 21. • Network Layered Model CAN Bus – based on OSI model 22 Partially implemented by higher- level CAN protocols like CANopen, CANaerospace, MilCAN, SAE J1939, ISO 1132 and others Standard CAN implementation defines most of the lowest two layers (physical details often specified by higher-layer protocol) Bypass used without higher-layer protocols User Interface
  • 22. • All messages are broadcast • Any node is allowed to broadcast a message • Each message contains an ID that identifies the source or content of a message • Each receiver decides to process or ignore each message • Single twisted pair wire terminated on each end CAN Bus Characteristics 23
  • 23. • Physical medium CAN Bus Characteristics 24
  • 24. • Oscilloscope – Signal levels (Differential signaling) CAN Bus Characteristics 25 CAN H CAN L
  • 25. • Oscilloscope – Signal levels (Differential signaling) CAN Bus Characteristics 26 Recessive 0 Dominant 0 Recessive 1
  • 26. • Data Frame • Used to transmit data • Remote Frame • Used to request data transmission • Error Frame • Sent by a node that detects an error • Overload Frame • Sent by a node to request a delay in transmission CAN Bus Network Frames 27
  • 27. • Multiple operation sensors • Alarms & Alerts can be disabled and even used… CAN Bus Vehicle Platform 28
  • 28. • CAN Bus can be used to access other vehicle systems CAN Bus & Other Vehicle Platforms 29
  • 29. Chrysler Jeep 2014 Remote Hacking 30
  • 30. • The Jeep Cherokee was chosen due to the fact that the head unit (Radio) is connected to both CAN buses Chrysler Jeep 2014 31
  • 31. • Adaptive Cruise Control (ACC) • assists the driver in keeping the proper distance between themselves and cars ahead of them • Forward Collision Warning Plus (FCW+) • prevents the Jeep from colliding with objects in front of it Cyber Physical Features 32
  • 32. • Lane Departure Warning (LDW+) • examines the lines on the road (i.e. paint) to detects the Jeep is leaving the current lane, it will adjust the steering wheel to keep the vehicle in the current lane Cyber Physical Features 33
  • 33. • Park Assist System (PAM) • Permits the driver to effortlessly park the car without much driver interaction in various scenarios, such as parallel parking, backing into a space, etc. • The PAM technology played a key role in the hack • Enabling to use this PAM to steer an automobile at high speed with CAN messages alone Cyber Physical Features 34
  • 34. • Other vulnerable systems • Tire Pressure Monitoring System (TPMS) • Passive Anti-Theft System (PATS) • Bluetooth • Radio Data System • WiFi • GPS • HVAC (Heating and Air Conditioning) • Display • Knobs Cyber Physical Features 35
  • 35. • Every piece of technology that interacts with the outside world is a potential entry point Remote Attack Surface 36
  • 36. • Many modern automobiles contain a cellular radio, generically referred to as a telematics system, used to connect the vehicle to a cellular network, for example GM’s OnStar. The cellular technology can also be used to retrieve data, such as traffic or weather information • This is the holy grail of automotive attacks (Long Cellular cover) • On the Jeep, all of these features are controlled by the Radio, which resides on both the CAN-IHS bus and the CAN-C bus Telematics / Internet / Apps 37
  • 37. • The Uconnect system in the Jeep contains the ability to communicate over cellular network using a sierra wireless card for remote connectivity Telematics / Internet / Apps 38
  • 38. • The telematics, Internet, radio, and Apps are all bundled into the Harman Uconnect system that comes with the 2014 Jeep Cherokee Infotainment 39
  • 39. • The 2014 Jeep Cherokee uses the Uconnect 8.4AN/RA4 radio manufactured by Harman Kardon with the majority of functionality is physically located on a Texas Instruments OMAP- DM3730 system on a chip which is common within automotive systems • The system uses LUA language: a common powerful, fast, lightweight, embeddable scripting language used in many systems worldwide Uconnect System 40
  • 40. • As mentioned earlier, the Uconnect system has the ability to interact with both the outside world, via Wi-Fi, Cellular, and BT and with the CAN bus • The processor responsible for interacting with the Interior High Speed CAN (CAN-IHS) and the primary CAN-C bus is a Renesas V850 CAN Connectivity 41
  • 41. • To hack the V850 chip you need the right tools for the job… Which cost the researchers over $6,700 plus having a $1800 per year Tech Authority subscription for being able to buy and updates… CAN Hacking & Connectivity 42
  • 42. • Using the wiTECH tools you are able to see the entire network of the vehicle Chrysler Jeep 43
  • 43. WiFi Open Ports 44 • Scanning the vehicle exposed WiFi ports reveals many open ports
  • 45. • With all of these services, there is a good chance a vulnerability would be present that could allow remote exploitation, port 6667 seems interesting • This port is D-Bus over IP, which is essentially an inter-process communication (IPC) and remote procedure call (RPC) mechanism used for communication between processes WiFi Open Ports 46 No Password Needed!!!
  • 46. • Using DFeet (wiTECH tool) to interact with the D-Bus service on the Jeep for methods to start ‘com.harman.service.SoftwareUpdate’ service D-Bus Software Update 47
  • 47. • Inserting a USB with a valid ISO to the Uconnect begins the updating process Jailbreak Uconnect 48
  • 48. • So a new compromised Firmware enables to remotely control the vehicle. • Even an unsigned firmware can be used to update the system from the head unit • The problem is that the system is only designed to perform the upgrade from a USB • This is a big complication for an attacker, since we want to flash the V850 (OMAP chip) without a USB stick…  Software Firmware Upgrade 49
  • 49. • Port 6667 IRC, is bound to all interfaces, therefore D-Bus communications can be performed against the Jeep over the cellular network! Cellular Exploitation – Remote Update 50
  • 50. • Was used to enable the vehicle to connect to the hacker – using a miniature cell tower (provided to customers with bad reception in their residence). The device can also be used to intercept cellular traffic and modified to an attacker’s specifications Femtocell 51
  • 51. • Scanning port 6667 from a Sprint device on the IP addresses 21.0.0.0/8 and 25.0.0.0/8. Anything that responds is a vulnerable Uconnect system Scanning for vulnerable vehicles 52
  • 52. • The D-Bus service on port 6667 running on the Uconnect system in susceptible to command injection vulnerabilities • Utilizing the ‘NavTrailService’ where code is implemented in ‘/service/platform/nav/navTrailService.lua’ • Unbelievable the service includes ‘execute’ method which is designed to execute arbitrary shell commands!!! Gaining Code Execution 53
  • 53. • Running arbitrary code on the head unit (OMAP chip) within the Uconnect system enables running various LUA scripts that can be used to affect the vehicle • This gives the hackers the possibility to remotely control the 2014 Jeep Cherokee – even when a person is inside the vehicle Uconnect Attack Payloads 54
  • 54. • Identify target • Exploit the OMAP chip of the head unit • Control the Uconnect System • Flash the v850 with modified firmware remotely • Perform cyber physical actions Summary - The entire exploit chain 55
  • 55. •‫סמל‬‫תוצר‬-‫לדוגמא‬:19 •‫תוצר‬ ‫שם‬-‫לדוגמא‬:‫האודי‬ •‫דגם‬ ‫קוד‬-10 •‫תאור‬‫דגם‬-4LB0EL •‫המרכב‬-‫פנאי‬-‫שטח‬ •‫כינוי‬-Q7 •‫מנוע‬ ‫נפח‬-4163 •‫כולל‬ ‫משקל‬-3065 •‫גובה‬-173 •‫גימור‬ ‫רמת‬- •‫סוס‬ ‫כוחות‬-350 •‫דלתות‬ ‫מספר‬-5 •‫מזגן‬-‫יש‬ •‫אוויר‬ ‫כריות‬ ‫מספר‬-6 •‫מערכת‬ABS -‫יש‬ •‫אוטומטיים‬ ‫הילוכים‬-‫יש‬ •‫חלון‬‫בגאז‬- •‫שנה‬-2007 Free Data available in Israel from 2008 56 •‫קבוצת‬‫אגרה‬-7 •‫רישום‬ ‫הוראות‬-06-0526 •‫סה‬"‫רשומים‬ ‫כ‬-3 •‫פעילים‬ ‫רשומים‬-3 •‫הנעה‬-4X4 •‫כוח‬ ‫הגה‬-‫יש‬ •‫חשמל‬ ‫חלונות‬-4 •‫מגנזיום‬ ‫גלגלי‬-‫יש‬ •‫דלק‬ ‫סוג‬-‫בנזין‬ •‫ארגז‬- •‫יציבות‬ ‫בקרת‬-‫יש‬ •‫היברידי‬- •‫מושבים‬ ‫מספר‬-7 •‫גרירה‬ ‫כושר‬- •‫זיהום‬ ‫קבוצת‬- •‫תקינה‬- •‫בקרת‬‫מנתיב‬ ‫סטיה‬- •‫מלפנים‬ ‫מרחק‬ ‫ניטור‬- •‫מת‬ ‫בשטח‬ ‫זיהוי‬- •‫אדפטיבית‬ ‫שיוט‬ ‫בקרת‬- •‫זיהוי‬‫הולגי‬‫רגל‬- •‫לבלימה‬ ‫עזר‬ ‫מערכת‬- •‫מצלמת‬‫רוורס‬- •‫בצמיגים‬ ‫אוויר‬ ‫לחץ‬ ‫חיישני‬- •‫חגורות‬ ‫חיישני‬- •‫בטיחות‬ ‫ניקוד‬- •‫רמת‬‫איבזור‬‫בטיחותי‬- •‫אוטומטית‬ ‫תאורה‬- •‫באורות‬ ‫אוטומטית‬ ‫שליטה‬ ‫הגבוהים‬- •‫מסוכנת‬ ‫התקרבות‬ ‫מצב‬ ‫זיהוי‬- •‫תנועה‬ ‫תמרורי‬ ‫זיהוי‬-