A Survey of Remote Automotive Attack Surfaces

Presented at Black Hat USA 2014, Aug. 6, 2014, 11:45 a.m. (60 minutes)

Automotive security concerns have gone from the fringe to the mainstream with security researchers showing the susceptibility of the modern vehicle to local and remote attacks. A malicious attacker leveraging a remote vulnerability could do anything from enabling a microphone for eavesdropping to turning the steering wheel to disabling the brakes. Unfortunately, research has only been presented on three or four particular vehicles. Each manufacturer designs their fleets differently; therefore analysis of remote threats must avoid generalities. This talk takes a step back and examines the automotive network of a large number of different manufacturers from a security perspective. From this larger dataset, we can begin to answer questions like: Are some cars more secure from remote compromise than others? Has automotive network security changed for the better (or worse) in the last five years? What does the future of automotive security hold and how can we protect our vehicles from attack moving forward?

Presenters:

• Christopher Valasek - IOActive
  Christopher Valasek is the Director of Security Intelligence at IOActive, an industry leader in comprehensive computer security services. Valasek specializes in offensive research methodologies with a focus in reverse engineering and exploitation. Valasek is known for his extensive research in the automotive field and his exploitation and reverse engineering of Windows. Valasek is also the Chairman of SummerCon, the nation's oldest hacker conference. He holds a BS in Computer Science from the University of Pittsburgh.
• Charlie Miller - @0xcharlieTwitter
  Charlie Miller is a security engineer at Twitter. Back when he still had time to research, he was the first with a public remote exploit for both the iPhone and the G1 Android phone. He is a four-time winner of the CanSecWest Pwn2Own competition. He has authored three information security books and holds a PhD from the University of Notre Dame. He has hacked browsers, phones, cars, and batteries. Charlie spends his free time trying to get back together with Apple, but sadly they still list their relationship status as, "It's complicated."

Links:

• https://www.blackhat.com/us-14/archives.html#a-survey-of-remote-automotive-attack-surfaces
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2014/video/A Survey of Remote Automotive Attack Surfaces.mp4
• https://www.youtube.com/watch?v=MAGacjNw0Sw

Similar Presentations:

• Kawaiicon (2019) / Automotive Control Systems Security: Where and I going and why am I in this handbasket?
• DEF CON 22 (2014) / A Survey of Remote Automotive Attack Surfaces
• BSidesLV 2015 / State of Automotive Cyber Safety