Data in cars can be creepy… (Hacker Halted 2019, Andrea Amico)
$750,000,000,000
• Is killing the engine of a car while riding on the highway the only threat model? Who is best served by this narrative?
• Are we sure a few hours of tinkering aren’t sufficient? Why use sophisticated approaches when simple does it?
Who commits the most crimes?
Adversary states or common criminals?
PIRATE TIP #1: FOCUS ON COMMON CRIMINALS (THIEVES, FRAUDSTERS, STALKERS, ETC.)
What is an easy and established way to make (illegal) profits using cars?
Rethink The Threat Model
Today the narrative on vehicle cybersecurity is about foreign actors and terrorists trying to kill us or cripple the infrastructure. BUT…
PIRATE TIP #2: FOCUS ON NEW FEATURES THAT HAVE BEEN ADDED FOR CONVENIENCE OR TO OFFER NEW SERVICES
Gone in 49 seconds
German Automotive Club (ADAC) test of 237 vehicles: only ONE resisted keyfob attacks
• Alfa Romeo (2/2)
• Audi (17/17)
• BMW (30/30)
• Chevrolet (1/1)
• Citroen (5/5)
• DS Auto (1/1)
• Fiat (2/2)
• Ford (10/10)
• Honda (2/2)
• Hyundai (15/15)
• Infiniti (1/2)
• Jaguar (1/2)
• Jeep (1/1)
• KIA (14/14)
• Land Rover (1/4)
• Lexus (2/2)
• Mazda (6/7)
• Mercedes (9/9)
• Mini (4/4)
• Mitsubishi (3/3)
• Nissan (8/8)
• Opel (10/10)
• Peugeot (5/5)
• Renault (15/15)
• Seat (5/5)
• Skoda (9/9)
• SsangYong (2/2)
• Subaru (5/5)
• Suzuki (6/6)
• Tesla (2/2)
• Toyota (8/8)
• Volvo (12/13)
• VW (15/15)
PIRATE TIP #3: INCLUDE PHYSICAL ACCESS TO YOUR THREAT MODEL
What is even scarier?
IT’S NOT A BUG, IT’S A FEATURE
Most scary: strangers get in other people’s cars ALL THE TIME!
| Source              | Driver (# users)      | Incidence % | # opportunities |
|---------------------|-----------------------|-------------|-----------------|
| Rental              | 1m/day                | 99%         | 350m/year       |
| Used sales          | 40m/year, 5X visits   | 50%         | 100m/year       |
| Wholesaling         | 25m/year, 8X visits   | 50%         | 100m/year       |
| Repos + total loss  | 3m/year, 10X visits   | 86%         | 25m/year        |
| Fleets (ex. rental) | 2m/year, 6X users     | 66%         | 8m/year         |
| Service             | 269m, 2X/year         | 50%         | 135m/year       |
| Valet               | 269m, 2X/year         | 50%         | 135m/year       |
| TOTAL               |                       |             | >700m/year      |
Estimates: USA only!
Is car hacking like this?
(need huge, complex tools to drill through a 6-inch plate of steel?)
CarsBlues
$45, a few minutes, no coding
Or how about this?
Hi, my name is Sofia, I am 8 years old, and I am here to teach you how to hack a car.
Working with the Auto-ISAC
• “Sealed” responsible disclosure Feb-Jun ‘18
• Process guided by Auto-ISAC
• 22 makes from many OEMs involved (tests conducted in NA + EU)
• Agreed “weakness” affects tens of millions of vehicles in circulation
YMMV: reactions to disclosure
That’s cool!
• <48h to respond
• Met at R&D center
• Had flown people in from across the globe
• Hack on video
That sucked!
• Very defensive
• Mocked hack as nothing new (so why is this “obvious” vulnerability still around?)
• Unhappy about not joining their bug bounty
• Minimize risk in front of authorities
• Happens all the time, everywhere
• Worse with more recently manufactured vehicles (people sync more, more data captured for each vehicle)
• Worse if vehicle shared (rental, carshare, pools, etc.)
Plenty of Data to be Found
[Chart: percentage of sample in three categories (system absent; not found or not reported; system present, personal info present) for three samples: Rental (396 vehicles), US Auction (600+ vehicles), UK auction (96 vehicles)]
MUST change the #ThreatModel
www.Privacy4Cars.com
Thoughts for future research…
CarsBlues gets around three “pins”
Have working hypothesis on how to get around 4th layer of defense and hack ALL cars
CarsBluesII
• Please use #CarsBlues hashtag on Twitter if you give CarsBlues (or CarsBluesII) a go
• DM @Privacy4Cars if you are interested in collaborating
Some cool research
Thoughts for future research #2
While some have reported the fraudulent rentals as “hacking,” Car2go communications director Michael Silverman made clear by email that no such hack occurred. “None of our member’s personal or confidential information has been compromised, and no other SHARE NOW North American cities have been affected,” Silverman commented.
Local investigative reporter Brad Edwards indicates that the stolen cars were used to commit crimes; it would seem he intends that to mean above and beyond grand theft auto and alleged credit card fraud, I suppose.
The Car2go Mercedes were unlocked with the app, then. Some speculate that this was done with stolen credit card data. For their part, Car2go does not seem to indicate that any app vulnerabilities existed, and claim no customers should be worried about their data.
Our objective is to raise the public’s, industry’s, regulators’, and advocates’ awareness on the issue of personal data collection, to drive transparency, and to put safety nets in place for consumers.
https://www.privacy4cars.com
PLEASE USE THIS INFORMATION RESPONSIBLY
Follow us:
@Privacy4Cars
Subscribe:
Privacy4Cars
Data should always be deleted before any vehicle handoff!

 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 

Data in cars can be creepy – Hacker Halted 2019 – Andrea Amico

  • 3. Data in cars can be creepy…
  • 6.
    • Is killing the engine of a car while riding on the highway the only threat model? Who is best served by this narrative?
    • Are we sure a few hours of tinkering aren’t sufficient? Why use sophisticated approaches when simple does it?
  • 7. Rethink The Threat Model
    Today the narrative on vehicle cybersecurity is about foreign actors and terrorists trying to kill us or cripple the infrastructure BUT…
    Who commits the most crimes? Adversary states or common criminals?
    What is an easy and established way to make (illegal) profits using cars?
    PIRATE TIP #1: FOCUS ON COMMON CRIMINALS (THIEVES, FRAUDSTERS, STALKERS, ETC.)
  • 8. Gone in 49 seconds
    PIRATE TIP #2: FOCUS ON NEW FEATURES THAT HAVE BEEN ADDED FOR CONVENIENCE OR TO OFFER NEW SERVICES
  • 9. German Automotive Club (ADAC) test of 237 vehicles: only ONE resisted keyfob attacks (vehicles affected / vehicles tested)
    • Alfa Romeo (2/2)
    • Audi (17/17)
    • BMW (30/30)
    • Chevrolet (1/1)
    • Citroen (5/5)
    • DS Auto (1/1)
    • Fiat (2/2)
    • Ford (10/10)
    • Honda (2/2)
    • Hyundai (15/15)
    • Infiniti (1/2)
    • Jaguar (1/2)
    • Jeep (1/1)
    • KIA (14/14)
    • Land Rover (1/4)
    • Lexus (2/2)
    • Mazda (6/7)
    • Mercedes (9/9)
    • Mini (4/4)
    • Mitsubishi (3/3)
    • Nissan (8/8)
    • Opel (10/10)
    • Peugeot (5/5)
    • Renault (15/15)
    • Seat (5/5)
    • Skoda (9/9)
    • SsangYong (2/2)
    • Suzuki (6/6)
    • Subaru (5/5)
    • Tesla (2/2)
    • Toyota (8/8)
    • Volvo (12/13)
    • VW (15/15)
    What is even scarier? IT’S NOT A BUG, IT’S A FEATURE
    PIRATE TIP #3: INCLUDE PHYSICAL ACCESS TO YOUR THREAT MODEL
  • 10. Most scary: strangers get in other people’s cars ALL THE TIME! (Estimates: USA only!)

    Source               Driver (# users)       Incidence %   # opportunities
    Rental               1m/day                 99%           350m/year
    Used sales           40m/year, 5X visits    50%           100m/year
    Wholesaling          25m/year, 8X visits    50%           100m/year
    Repos + total loss   3m/year, 10X visits    86%           25m/year
    Fleets (ex. rental)  2m/year, 6X users      66%           8m/year
    Service              269m, 2X/year          50%           135m/year
    Valet                269m, 2X/year          50%           135m/year
    TOTAL                                                     >700m/year

  • 11. Is car hacking like this? (Need huge, complex tools to drill through a 6-inch plate of steel?)
  • 12. Or how about this? CarsBlues: $45, a few minutes, no coding.
  • 13. Hi, my name is Sofia, I am 8 years old, and I am here to teach you how to hack a car.
  • 14. Working with the Auto-ISAC
    • “Sealed” responsible disclosure Feb-Jun ‘18
    • Process guided by Auto-ISAC
    • 22 makes from many OEMs involved (tests conducted in NA + EU)
    • Agreed “weakness” affects tens of millions of vehicles in circulation
  • 15. YMMV: reactions to disclosure
    That’s cool!
    • <48h to respond
    • Met at R&D center
    • Had flown people in from across the globe
    • Hack on video
    That sucked!
    • Very defensive
    • Mocked hack as nothing new (so why is this “obvious” vulnerability still around?)
    • Unhappy about not joining their bug bounty
    • Minimize risk in front of authorities
  • 16. Plenty of Data to be Found
    • Happens all the time, everywhere
    • Worse with more recently manufactured vehicles (people sync more, more data captured for each vehicle)
    • Worse if vehicle shared (rental, carshare, pools, etc.)
    [Chart: percentage of sample per source (Rental, 396 vehicles; US auction, 600+ vehicles; UK auction, 96 vehicles), split into: system absent; not found or not reported; system present, personal info present. Individual bar values are not recoverable from the extracted text.]
  • 17. MUST change the #ThreatModel www.Privacy4Cars.com
  • 18. Thoughts for future research…
    CarsBlues gets around three “pins”.
    CarsBluesII: have working hypothesis on how to get around the 4th layer of defense and hack ALL cars.
    • Please use the #CarsBlues hashtag on Twitter if you give CarsBlues (or CarsBluesII) a go
    • DM @Privacy4Cars if you are interested in collaborating
  • 20. Thoughts for future research #2
    While some have reported the fraudulent rentals as “hacking”, Car2go communications director Michael Silverman made clear by email that no such hack occurred. “None of our member’s personal or confidential information has been compromised, and no other SHARE NOW North American cities have been affected,” Silverman commented. Local investigative reporter Brad Edwards indicates that the stolen cars were used to commit crimes; it would seem he intends that to mean above and beyond grand theft auto and alleged credit card fraud, I suppose. The Car2go Mercedes were unlocked with the app, then. Some speculate that this was done with stolen credit card data. For their part, Car2go does not seem to indicate that any app vulnerabilities existed, and claim no customers should be worried about their data.
  • 21. Our objective is to raise the public’s, industry’s, regulators’, and advocates’ awareness on the issue of personal data collection, to drive transparency, and to put safety nets in place for consumers. https://www.privacy4cars.com
    PLEASE USE THIS INFORMATION RESPONSIBLY
    Follow us: @Privacy4Cars. Subscribe: Privacy4Cars.
    Data should always be deleted before any vehicle handoff!