The hack, the crash and two smoking barrels. (And all the times I (almost) killed an engineer.)

Presented at DEF CON 32 (2024), Aug. 11, 2024, 11 a.m. (45 minutes).

This is not a talk in which I will demonstrate exploit chains obtained from the underworld after signing with blood. It's about sharing meaningful stories from said underworld. The automotive underworld of huge corporations, short deadlines and lukewarm engineers. The one where companies fight to pack more and more functionality inside your computer on wheels, without paying attention to one of the things that our life actually depends on right now: cybersecurity.

While others talk about extremely significant remote vulnerabilities, I will focus on a high-level view of the architecture and design of vehicles and where security fits in these processes. I will go through a journey of exploitation, from discovering 0days to persuading an engineer of the significance of a finding by putting him in the driving seat and engaging the brakes mid-journey. I will conclude by trying to understand why this is happening, why this behavior towards security still exists in the automotive industry, and how a small manufacturer managed to create one of the most secure embedded systems I have faced in my career. All this, with a series of demos on real targets, and a real ECU on stage.

Our ultimate goal is to help people understand the state of the industry, spark the interest which can come out of hacking a computer on wheels, and try to raise awareness with a bit of hack, a bit of crash and two smoking barrels.

Presenters:

  • Thomas "Cr0wTom" Sermpinis - Technical Director at Auxilium Pentest Labs
    Thomas Sermpinis (a.k.a. Cr0wTom) is the Technical Director of Auxilium Pentest Labs and an independent security researcher whose main topics of interest are the automotive, industrial control, embedded device, and cryptography sectors. During his research, he has published several academic papers, 0days and tools with the ultimate goal of making the world a safer place, and has helped almost 200 OEMs and Tier 1 automotive suppliers achieve better security and develop more secure products. Additionally, he has spoken at several highly technical security conferences, including Zer0Con, TyphoonCon, TROOPERS, DeepSec and others, presenting his research and trying to create safer streets for drivers, passengers, pedestrians, and everyone in the street.
