How to Hack Your Mini Cooper: Reverse Engineering Controller Area Network (CAN) Messages on Passenger Automobiles

Presented at DEF CON 21 (2013), Aug. 3, 2013, 3:30 p.m. (20 minutes)

This presentation introduces the underlying protocols on automobile communication system networks of passenger vehicles and evaluates their security. Although reliable for communication, vehicle protocols lack inherit security measures. This work focuses strongly on controller area networks (CANs) and the lack of authentication and validation of CAN messages. Current data security methods for CAN networks rely on the use of proprietary CAN message IDs along with physical boundaries between the CAN bus and the outside world. As we all know, security through obscurity is not true security. These message IDs can be reverse engineered and spoofed to yield a variety of results. This talk discusses methods for reverse engineering proprietary CAN messages. These reverse engineered messages are then injected onto the CAN bus of a 2003 Mini Cooper with the help of cheap Arduino hardware hacking. Additionally, a proof of concept will be demonstrated on how to build your own rogue CAN node to take over a CAN network and potentially manipulate critical components of a vehicle. The proof of concept demonstrates taking full control of the instrument cluster using the reverse engineering methods presented.

Presenters:

• Jason Staggs - Grad Student and Research Assistant, University of Tulsa
  Jason Staggs is currently a graduate student in computer science and a security research assistant at the Institute for Information Security (iSec) at The University of Tulsa. He also is involved with The University of Tulsa's Crash Reconstruction Research Consortium (TU-CRRC) where he occasionally gets to hack and wreck a variety of vehicles. Before attending graduate school, Jason worked as a cyber-security analyst for a leading information security firm, True Digital Security in Tulsa, OK. Jason holds a Bachelors degree in Information Assurance and Forensics from Oklahoma State University along with several industry certifications. His research interests include network intrusion detection systems, digital forensics, critical infrastructure protection, and reverse engineering.

Links:

• https://defcon.org/html/defcon-21/dc-21-speakers.html#Staggs
• https://infocon.org/cons/DEF CON/DEF CON 21/DEF CON 21 video and slides/DEF CON 21 - Jason Staggs - How to Hack Your Mini Cooper - Video and Slides.mp4 (Video and Slides)
• https://www.youtube.com/watch?v=inzynFrABgs

Tags:

• Car Hacking

Similar Presentations:

• Black Hat USA 2015 / Remote Exploitation of an Unaltered Passenger Vehicle
• Still Hacking Anyway (SHA2017) / How to Defend Cars
• Black Hat USA 2016 / Advanced CAN Injection Techniques for Vehicle Networks