Advanced CAN Injection Techniques for Vehicle Networks

Presented at Black Hat USA 2016, Aug. 4, 2016, 9:45 a.m. (50 minutes)

The end goal of a remote attack against a vehicle is physical control, usually by injecting CAN messages onto the vehicle's network. However, there are often many limitations on what actions the vehicle can be forced to perform when injecting CAN messages. While an attacker may be able to easily change the speedometer while the car is driving, she may not be able to disable the brakes or turn the steering wheel unless the car she is driving meets certain prerequisites, such as traveling below a certain speed. In this talk, we discuss how physical, safety critical systems react to injected CAN messages and how these systems are often resilient to this type of manipulation. We will outline new methods of CAN message injection which can bypass many of these restrictions and demonstrate the results on the braking, steering, and acceleration systems of an automobile. We end by suggesting ways these systems could be made even more robust in future vehicles.

Presenters:

• Chris Valasek / redpantz - Uber ATC   as Chris Valasek
  Chris Valasek is security lead for Uber ATC. Mr. Valasek was one of the first researchers to publicly discuss automotive security issues in detail. He released code, data, and tools that allowed vehicles to be physically controlled through the vehicle's CAN bus. Valasek specializes in offensive research methodologies with a focus on reverse engineering and exploitation. He is also the Chairman of SummerCon, the United States' longest standing hacker conference.
• Charlie Miller - Uber ATC
  Charlie Miller is a security engineer at Uber ATC, a hacker, and a gentleman. Back when he still had time to research, he was the first with a public remote exploit for both the iPhone and the G1 Android phone. He is a four-time winner of the CanSecWest Pwn2Own competition. He has authored three information security books and holds a PhD from the University of Notre Dame. He has hacked browsers, phones, cars, and batteries. Charlie spends his free time trying to get back together with Apple, but sadly they still list their relationship status as 'it's complicated'.

Links:

• https://www.blackhat.com/us-16/briefings.html#advanced-can-injection-techniques-for-vehicle-networks
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2016/Advanced CAN Injection Techniques for Vehicle Networks.mp4
• https://www.youtube.com/watch?v=4wgEmNlu20c

Similar Presentations:

• Still Hacking Anyway (SHA2017) / How to Defend Cars
• Black Hat USA 2015 / Remote Exploitation of an Unaltered Passenger Vehicle
• DEF CON 23 (2015) / Remote Exploitation of an Unaltered Passenger Vehicle