Open Sourcing Automotive Diagnostics

Presented at Black Hat Asia 2017, March 30, 2017, 2:15 p.m. (60 minutes)

Automotive systems use a small number of protocols for diagnostic functionality. As researchers, it's very useful to be able to interact with these protocols to look for undocumented features and vulnerabilities. As vehicle owners, it's useful to have access to these protocols, as they implement all the diagnostics needed to repair a modern car.<br /> <br /> The problem? There's no low cost tools for dealing with these protocols. Furthermore, the protocol specifications aren't free. While we can't release the specifications, we can release an open source implementation!<br /> <br /> In this talk, we'll go over how automotive diagnostics work, and why they're so interesting for attackers. Then, we'll present an open source Unified Diagnostic Services (ISO14229) stack implemented in Python. Finally, we'll have some demos of how to use the stack in a Python interpreter, to quickly explore diagnostic systems.

Presenters:

• Eric Evenchick - Director, Linklayer Labs
  Eric Evenchick currently runs Linklayer Labs, a company focused on building open source hardware tools for security analysis of embedded systems. In the past, Eric held the role of Security Architect at Faraday Future, working on developing security solutions for a new, highly connected vehicle. Eric's experience in the automotive industry began at the University of Waterloo, where he was part of a team developing alternative fuel vehicles. As part of the University of Waterloo Alternative Fuels Team, he lead the electrical systems design of a hydrogen-electic hybrid and an ethanol-electic hybrid. He was also an intern at Tesla Motors, and was one of the first people to find vulnerabilities at the company. For many years, Eric has had a strong interest in cybersecurity. Since becoming involved in the Information Security community four years ago, Eric has spoken at Blackhat events in USA, Asia, and Europe, SecTor, Toorcon, and many other local events. These talks have focused on automotive systems security, and other embedded security topics. His work on embedded security has been featured by several publications, including Wired and Forbes.

Links:

• https://www.blackhat.com/asia-17/briefings/schedule/#open-sourcing-automotive-diagnostics-5491
• https://www.youtube.com/watch?v=2qcBVxCZr4k

Similar Presentations:

• Black Hat Asia 2015 / Hopping on the CAN Bus
• Still Hacking Anyway (SHA2017) / Parkour communications: How you can communicate, free running style, using nothing but the 'fixtures' of the Internet.
• ToorCon San Diego 16 (2014) / Hopping on the CAN Bus