SlideShare ist ein Scribd-Unternehmen logo

Lets get started with car hacking - Ankit Joshi

NSConclave
NSConclave

This talk is about technology and protocols used in modern cars and attack surfaces in modern cars. https://nsconclave.net-square.com/car-hacking.html

Technologie
1 von 20
Let’s Get Started With Car Hacking By Ankit Joshi
#WhoAmI Ankit Joshi aka BH4 Security Analyst with Net-square Pvt. Ltd. Red Teamer
➢ Understanding Threat Models ➢ CAN Protocol ➢ Other Protocol ➢ ECU ➢ Play With Can Bus ➢ From Where You Can Start Content
Understanding Threat Models In 2017, 50%+ Model are vulnerable to 8 or more than 8 remote attack surface from different mackers.
List Of Car Component’s
General Vulnerability Found in Car Hard Coded or Non-existence of Bluetooth Pin. Can Packet Injection. Weak Wpa2 Passwords. Admin Consoles Open For Internet. Insecure Firmware Updates And Downloads.
CAN (Controlled Area Network) CAN is the central nervous system that enables communication between all/some parts of the car. CAN was originally developed by BOSCH in 1985 as an intra-vehicular communication system. The main motive of proposing CAN was that it allowed multiple ECU to be communicated with only a single wire. A modern car can have as much as 70 ECUs
Working Of CAN Frame A CAN frame has 3 major parts ● Arbitration Identifier ● Data Length Code ● Data field CAN runs on two wires: CAN high (CANH) and CAN low (CANL).
Can Bus Frame
CAN pins cable view on the OBD-II connector OBD (Onboard Diagnostics)
CAN Bus Waveforms
Other Protocol The CANopen Protocol. The GMLAN Bus. The ISO-TP Protocol. The SAE J1850 Protocol. The PWM Protocol. The VPW Protocol.
ECU (Electronic Control Unit) IC Embedded Circuits Reads Data From Sensors ❖ Temperature ❖ Tyre Pressure ❖ Engine Fluids ❖ Many more
Types Of ECU Main ECU ❖ ECM -> Engine Control Module. ❖ EBCM -> Electronic Brake Control Module. ❖ PCM -> Power Control Module. 32- Bit 40 Mhz Processor With Code Size of 1 mb Max .
From Where You Can Start http://opengarages.org/handbook/ebook/#calibre_link-382 https://www.slideshare.net/getcarloop/car-hacking-101 https://medium.com/supplyframe-hardware/def-con-27-car-hacking-village-eb 471a02b93a https://medium.com/@tbruno25/car-hacking-the-can-bus-tutorial-i-wish-i-had- 783d7e0a2046 And Google
Lets get started with car hacking - Ankit Joshi
Lets get started with car hacking - Ankit Joshi

Empfohlen

202_camera ready_RTEICT_16_prasanth (1)
202_camera ready_RTEICT_16_prasanth (1)202_camera ready_RTEICT_16_prasanth (1)
202_camera ready_RTEICT_16_prasanth (1)Prasanth R
 
Voice operated home appliance control
Voice operated home appliance controlVoice operated home appliance control
Voice operated home appliance controlEcwayt
 
Ethernet sniffer project
Ethernet sniffer projectEthernet sniffer project
Ethernet sniffer projectRadostin Natan
 
CAN Bus and OBD-II
CAN Bus and OBD-II CAN Bus and OBD-II
CAN Bus and OBD-II roadster43
 
IP PHONES - *astTECS
IP PHONES - *astTECSIP PHONES - *astTECS
IP PHONES - *astTECSSalman Muhammed Ashraf
 
Pap2 T Sip 3
Pap2 T Sip 3Pap2 T Sip 3
Pap2 T Sip 3akbar2266778899
 
What Is Obd Scan Tool Presentation Mp3 Car Afk Fest 2009
What Is Obd Scan Tool Presentation Mp3 Car Afk Fest 2009What Is Obd Scan Tool Presentation Mp3 Car Afk Fest 2009
What Is Obd Scan Tool Presentation Mp3 Car Afk Fest 2009mp3Car
 
UGM CAN PXI
UGM CAN PXIUGM CAN PXI
UGM CAN PXIInterlatin
 

Empfohlen

202_camera ready_RTEICT_16_prasanth (1)
202_camera ready_RTEICT_16_prasanth (1)202_camera ready_RTEICT_16_prasanth (1)
202_camera ready_RTEICT_16_prasanth (1)Prasanth R
 
Voice operated home appliance control
Voice operated home appliance controlVoice operated home appliance control
Voice operated home appliance controlEcwayt
 
Ethernet sniffer project
Ethernet sniffer projectEthernet sniffer project
Ethernet sniffer projectRadostin Natan
 
CAN Bus and OBD-II
CAN Bus and OBD-II CAN Bus and OBD-II
CAN Bus and OBD-II roadster43
 
IP PHONES - *astTECS
IP PHONES - *astTECSIP PHONES - *astTECS
IP PHONES - *astTECSSalman Muhammed Ashraf
 
Pap2 T Sip 3
Pap2 T Sip 3Pap2 T Sip 3
Pap2 T Sip 3akbar2266778899
 
What Is Obd Scan Tool Presentation Mp3 Car Afk Fest 2009
What Is Obd Scan Tool Presentation Mp3 Car Afk Fest 2009What Is Obd Scan Tool Presentation Mp3 Car Afk Fest 2009
What Is Obd Scan Tool Presentation Mp3 Car Afk Fest 2009mp3Car
 
UGM CAN PXI
UGM CAN PXIUGM CAN PXI
UGM CAN PXIInterlatin
 
Embedded One.pdf
Embedded One.pdfEmbedded One.pdf
Embedded One.pdfSezzar
 
Overview of automotive network protocol
Overview of automotive network protocolOverview of automotive network protocol
Overview of automotive network protocolpoojashinde212
 
Controller Area Network (CAN) Different Types
Controller Area Network (CAN) Different TypesController Area Network (CAN) Different Types
Controller Area Network (CAN) Different TypesFebinShaji9
 
7hj
7hj7hj
7hjToleef Yesus
 
How to Hack Your Mini Cooper. Reverse Engineering CAN Messages on Passenger A...
How to Hack Your Mini Cooper. Reverse Engineering CAN Messages on Passenger A...How to Hack Your Mini Cooper. Reverse Engineering CAN Messages on Passenger A...
How to Hack Your Mini Cooper. Reverse Engineering CAN Messages on Passenger A...Guy Boulianne
 
Controller area network (can bus)
Controller area network (can bus)Controller area network (can bus)
Controller area network (can bus)nassim unused
 
Current state of automotive network security
Current state of automotive network securityCurrent state of automotive network security
Current state of automotive network securityFFRI, Inc.
 
11.chapters
11.chapters11.chapters
11.chaptersBhanuprakash K
 
VineeshKumar_Resume
VineeshKumar_ResumeVineeshKumar_Resume
VineeshKumar_ResumeVineesh Kumar K P M
 
Edmunds presentation
Edmunds presentationEdmunds presentation
Edmunds presentationAlison Chaiken
 
Can Protocol For Automobiles
Can Protocol For AutomobilesCan Protocol For Automobiles
Can Protocol For AutomobilesSofcon India Pvt Ltd.
 
Automotive Linux, Cybersecurity and Transparency
Automotive Linux, Cybersecurity and TransparencyAutomotive Linux, Cybersecurity and Transparency
Automotive Linux, Cybersecurity and TransparencyAlison Chaiken
 
Next-Gen In-Vehicle Software Opportunities
Next-Gen In-Vehicle Software OpportunitiesNext-Gen In-Vehicle Software Opportunities
Next-Gen In-Vehicle Software OpportunitiesAlison Chaiken
 
Smart home automation system
Smart home automation systemSmart home automation system
Smart home automation systemPawan Kumar Ganjhu
 
Epma 013
Epma 013Epma 013
Epma 013Lecturer
 
The next frontier: open source in the car
The next frontier: open source in the carThe next frontier: open source in the car
The next frontier: open source in the carAlison Chaiken
 
Bluetooth Controlled Robot Project Report
Bluetooth Controlled Robot Project ReportBluetooth Controlled Robot Project Report
Bluetooth Controlled Robot Project ReportSimarjot Singh Kalsi
 
OSGi Technology in the Vehicle - H U Michel
OSGi Technology in the Vehicle - H U MichelOSGi Technology in the Vehicle - H U Michel
OSGi Technology in the Vehicle - H U Michelmfrancis
 
Tesla Hacking to FreedomEV
Tesla Hacking to FreedomEVTesla Hacking to FreedomEV
Tesla Hacking to FreedomEVJasper Nuyens
 
Connected Cars - Poster Child for the IoT Reality Check
Connected Cars - Poster Child for the IoT Reality CheckConnected Cars - Poster Child for the IoT Reality Check
Connected Cars - Poster Child for the IoT Reality CheckSecurity Innovation
 
RED-TEAM_Conclave
RED-TEAM_ConclaveRED-TEAM_Conclave
RED-TEAM_ConclaveNSConclave
 
Create a Custom Plugin in Burp Suite using the Extension
Create a Custom Plugin in Burp Suite using the ExtensionCreate a Custom Plugin in Burp Suite using the Extension
Create a Custom Plugin in Burp Suite using the ExtensionNSConclave
 

Weitere ähnliche Inhalte

Ähnlich wie Lets get started with car hacking - Ankit Joshi

Embedded One.pdf
Embedded One.pdfEmbedded One.pdf
Embedded One.pdfSezzar
 
Overview of automotive network protocol
Overview of automotive network protocolOverview of automotive network protocol
Overview of automotive network protocolpoojashinde212
 
Controller Area Network (CAN) Different Types
Controller Area Network (CAN) Different TypesController Area Network (CAN) Different Types
Controller Area Network (CAN) Different TypesFebinShaji9
 
How to Hack Your Mini Cooper. Reverse Engineering CAN Messages on Passenger A...
How to Hack Your Mini Cooper. Reverse Engineering CAN Messages on Passenger A...How to Hack Your Mini Cooper. Reverse Engineering CAN Messages on Passenger A...
How to Hack Your Mini Cooper. Reverse Engineering CAN Messages on Passenger A...Guy Boulianne
 
Controller area network (can bus)
Controller area network (can bus)Controller area network (can bus)
Controller area network (can bus)nassim unused
 
Current state of automotive network security
Current state of automotive network securityCurrent state of automotive network security
Current state of automotive network securityFFRI, Inc.
 
Automotive Linux, Cybersecurity and Transparency
Automotive Linux, Cybersecurity and TransparencyAutomotive Linux, Cybersecurity and Transparency
Automotive Linux, Cybersecurity and TransparencyAlison Chaiken
 
Next-Gen In-Vehicle Software Opportunities
Next-Gen In-Vehicle Software OpportunitiesNext-Gen In-Vehicle Software Opportunities
Next-Gen In-Vehicle Software OpportunitiesAlison Chaiken
 
The next frontier: open source in the car
The next frontier: open source in the carThe next frontier: open source in the car
The next frontier: open source in the carAlison Chaiken
 
Bluetooth Controlled Robot Project Report
Bluetooth Controlled Robot Project ReportBluetooth Controlled Robot Project Report
Bluetooth Controlled Robot Project ReportSimarjot Singh Kalsi
 
OSGi Technology in the Vehicle - H U Michel
OSGi Technology in the Vehicle - H U MichelOSGi Technology in the Vehicle - H U Michel
OSGi Technology in the Vehicle - H U Michelmfrancis
 
Tesla Hacking to FreedomEV
Tesla Hacking to FreedomEVTesla Hacking to FreedomEV
Tesla Hacking to FreedomEVJasper Nuyens
 
Connected Cars - Poster Child for the IoT Reality Check
Connected Cars - Poster Child for the IoT Reality CheckConnected Cars - Poster Child for the IoT Reality Check
Connected Cars - Poster Child for the IoT Reality CheckSecurity Innovation
 

Ähnlich wie Lets get started with car hacking - Ankit Joshi (20)

Embedded One.pdf
Embedded One.pdfEmbedded One.pdf
Embedded One.pdf
 
Overview of automotive network protocol
Overview of automotive network protocolOverview of automotive network protocol
Overview of automotive network protocol
 
Controller Area Network (CAN) Different Types
Controller Area Network (CAN) Different TypesController Area Network (CAN) Different Types
Controller Area Network (CAN) Different Types
 
7hj
7hj7hj
7hj
 
How to Hack Your Mini Cooper. Reverse Engineering CAN Messages on Passenger A...
How to Hack Your Mini Cooper. Reverse Engineering CAN Messages on Passenger A...How to Hack Your Mini Cooper. Reverse Engineering CAN Messages on Passenger A...
How to Hack Your Mini Cooper. Reverse Engineering CAN Messages on Passenger A...
 
Controller area network (can bus)
Controller area network (can bus)Controller area network (can bus)
Controller area network (can bus)
 
Current state of automotive network security
Current state of automotive network securityCurrent state of automotive network security
Current state of automotive network security
 
11.chapters
11.chapters11.chapters
11.chapters
 
VineeshKumar_Resume
VineeshKumar_ResumeVineeshKumar_Resume
VineeshKumar_Resume
 
Edmunds presentation
Edmunds presentationEdmunds presentation
Edmunds presentation
 
Can Protocol For Automobiles
Can Protocol For AutomobilesCan Protocol For Automobiles
Can Protocol For Automobiles
 
Automotive Linux, Cybersecurity and Transparency
Automotive Linux, Cybersecurity and TransparencyAutomotive Linux, Cybersecurity and Transparency
Automotive Linux, Cybersecurity and Transparency
 
Next-Gen In-Vehicle Software Opportunities
Next-Gen In-Vehicle Software OpportunitiesNext-Gen In-Vehicle Software Opportunities
Next-Gen In-Vehicle Software Opportunities
 
Smart home automation system
Smart home automation systemSmart home automation system
Smart home automation system
 
Epma 013
Epma 013Epma 013
Epma 013
 
The next frontier: open source in the car
The next frontier: open source in the carThe next frontier: open source in the car
The next frontier: open source in the car
 
Bluetooth Controlled Robot Project Report
Bluetooth Controlled Robot Project ReportBluetooth Controlled Robot Project Report
Bluetooth Controlled Robot Project Report
 
OSGi Technology in the Vehicle - H U Michel
OSGi Technology in the Vehicle - H U MichelOSGi Technology in the Vehicle - H U Michel
OSGi Technology in the Vehicle - H U Michel
 
Tesla Hacking to FreedomEV
Tesla Hacking to FreedomEVTesla Hacking to FreedomEV
Tesla Hacking to FreedomEV
 
Connected Cars - Poster Child for the IoT Reality Check
Connected Cars - Poster Child for the IoT Reality CheckConnected Cars - Poster Child for the IoT Reality Check
Connected Cars - Poster Child for the IoT Reality Check
 

Mehr von NSConclave

RED-TEAM_Conclave
RED-TEAM_ConclaveRED-TEAM_Conclave
RED-TEAM_ConclaveNSConclave
 
Create a Custom Plugin in Burp Suite using the Extension
Create a Custom Plugin in Burp Suite using the ExtensionCreate a Custom Plugin in Burp Suite using the Extension
Create a Custom Plugin in Burp Suite using the ExtensionNSConclave
 
IOT SECURITY ASSESSMENT Pentester's Approach
IOT SECURITY ASSESSMENT Pentester's ApproachIOT SECURITY ASSESSMENT Pentester's Approach
IOT SECURITY ASSESSMENT Pentester's ApproachNSConclave
 
Debugging Android Native Library
Debugging Android Native LibraryDebugging Android Native Library
Debugging Android Native LibraryNSConclave
 
Burp Suite Extension Development
Burp Suite Extension DevelopmentBurp Suite Extension Development
Burp Suite Extension DevelopmentNSConclave
 
Regular Expression Injection
Regular Expression InjectionRegular Expression Injection
Regular Expression InjectionNSConclave
 
HTML5 Messaging (Post Message)
HTML5 Messaging (Post Message)HTML5 Messaging (Post Message)
HTML5 Messaging (Post Message)NSConclave
 
Node.js Deserialization
Node.js DeserializationNode.js Deserialization
Node.js DeserializationNSConclave
 
RIA Cross Domain Policy
RIA Cross Domain PolicyRIA Cross Domain Policy
RIA Cross Domain PolicyNSConclave
 
LDAP Injection
LDAP InjectionLDAP Injection
LDAP InjectionNSConclave
 
Python Deserialization Attacks
Python Deserialization AttacksPython Deserialization Attacks
Python Deserialization AttacksNSConclave
 
NoSql Injection
NoSql InjectionNoSql Injection
NoSql InjectionNSConclave
 
Thick Client Testing Advanced
Thick Client Testing AdvancedThick Client Testing Advanced
Thick Client Testing AdvancedNSConclave
 
Thick Client Testing Basics
Thick Client Testing BasicsThick Client Testing Basics
Thick Client Testing BasicsNSConclave
 
Security Architecture Consulting - Hiren Shah
Security Architecture Consulting - Hiren ShahSecurity Architecture Consulting - Hiren Shah
Security Architecture Consulting - Hiren ShahNSConclave
 
OSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaOSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaNSConclave
 

Mehr von NSConclave (20)

RED-TEAM_Conclave
RED-TEAM_ConclaveRED-TEAM_Conclave
RED-TEAM_Conclave
 
Create a Custom Plugin in Burp Suite using the Extension
Create a Custom Plugin in Burp Suite using the ExtensionCreate a Custom Plugin in Burp Suite using the Extension
Create a Custom Plugin in Burp Suite using the Extension
 
IOT SECURITY ASSESSMENT Pentester's Approach
IOT SECURITY ASSESSMENT Pentester's ApproachIOT SECURITY ASSESSMENT Pentester's Approach
IOT SECURITY ASSESSMENT Pentester's Approach
 
Debugging Android Native Library
Debugging Android Native LibraryDebugging Android Native Library
Debugging Android Native Library
 
Burp Suite Extension Development
Burp Suite Extension DevelopmentBurp Suite Extension Development
Burp Suite Extension Development
 
Log Analysis
Log AnalysisLog Analysis
Log Analysis
 
Regular Expression Injection
Regular Expression InjectionRegular Expression Injection
Regular Expression Injection
 
HTML5 Messaging (Post Message)
HTML5 Messaging (Post Message)HTML5 Messaging (Post Message)
HTML5 Messaging (Post Message)
 
Node.js Deserialization
Node.js DeserializationNode.js Deserialization
Node.js Deserialization
 
RIA Cross Domain Policy
RIA Cross Domain PolicyRIA Cross Domain Policy
RIA Cross Domain Policy
 
LDAP Injection
LDAP InjectionLDAP Injection
LDAP Injection
 
Python Deserialization Attacks
Python Deserialization AttacksPython Deserialization Attacks
Python Deserialization Attacks
 
Sandboxing
SandboxingSandboxing
Sandboxing
 
NoSql Injection
NoSql InjectionNoSql Injection
NoSql Injection
 
Thick Client Testing Advanced
Thick Client Testing AdvancedThick Client Testing Advanced
Thick Client Testing Advanced
 
Thick Client Testing Basics
Thick Client Testing BasicsThick Client Testing Basics
Thick Client Testing Basics
 
Markdown
MarkdownMarkdown
Markdown
 
Docker 101
Docker 101Docker 101
Docker 101
 
Security Architecture Consulting - Hiren Shah
Security Architecture Consulting - Hiren ShahSecurity Architecture Consulting - Hiren Shah
Security Architecture Consulting - Hiren Shah
 
OSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaOSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan Braganza
 

Kürzlich hochgeladen

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 

Kürzlich hochgeladen (20)

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 

Lets get started with car hacking - Ankit Joshi

  • 1. Let’s Get Started With Car Hacking By Ankit Joshi
  • 2. #WhoAmI Ankit Joshi aka BH4 Security Analyst with Net-square Pvt. Ltd. Red Teamer
  • 3. ➢ Understanding Threat Models ➢ CAN Protocol ➢ Other Protocol ➢ ECU ➢ Play With Can Bus ➢ From Where You Can Start Content
  • 4. Understanding Threat Models In 2017, 50%+ Model are vulnerable to 8 or more than 8 remote attack surface from different mackers.
  • 5.
  • 6. List Of Car Component’s
  • 7. General Vulnerability Found in Car Hard Coded or Non-existence of Bluetooth Pin. Can Packet Injection. Weak Wpa2 Passwords. Admin Consoles Open For Internet. Insecure Firmware Updates And Downloads.
  • 8. CAN (Controlled Area Network) CAN is the central nervous system that enables communication between all/some parts of the car. CAN was originally developed by BOSCH in 1985 as an intra-vehicular communication system. The main motive of proposing CAN was that it allowed multiple ECU to be communicated with only a single wire. A modern car can have as much as 70 ECUs
  • 9.
  • 10. Working Of CAN Frame A CAN frame has 3 major parts ● Arbitration Identifier ● Data Length Code ● Data field CAN runs on two wires: CAN high (CANH) and CAN low (CANL).
  • 12. CAN pins cable view on the OBD-II connector OBD (Onboard Diagnostics)
  • 14. Other Protocol The CANopen Protocol. The GMLAN Bus. The ISO-TP Protocol. The SAE J1850 Protocol. The PWM Protocol. The VPW Protocol.
  • 15. ECU (Electronic Control Unit) IC Embedded Circuits Reads Data From Sensors ❖ Temperature ❖ Tyre Pressure ❖ Engine Fluids ❖ Many more
  • 16.
  • 17. Types Of ECU Main ECU ❖ ECM -> Engine Control Module. ❖ EBCM -> Electronic Brake Control Module. ❖ PCM -> Power Control Module. 32- Bit 40 Mhz Processor With Code Size of 1 mb Max .
  • 18. From Where You Can Start http://opengarages.org/handbook/ebook/#calibre_link-382 https://www.slideshare.net/getcarloop/car-hacking-101 https://medium.com/supplyframe-hardware/def-con-27-car-hacking-village-eb 471a02b93a https://medium.com/@tbruno25/car-hacking-the-can-bus-tutorial-i-wish-i-had- 783d7e0a2046 And Google