A Stepping Stone To Car Hacking

Presented at TROOPERS18 (2018), March 14, 2018, 11:30 a.m. (Unknown duration)

This talk discusses the less known side of automotive cyber security - the ecosystem that allows OEMs to interact, calibrate, collect usage data and keep updated the car's Electronic Control Units (ECUs). We will explain the architecture of the ecosystem, analyze it's potential flaws and their implications on currently deployed ecosystems.

In recent years the security community started paying great attention to the weird machines that take people from A to B. These behemoths are filled with "intelligent" digitized decision-making devices which are responsible for the car's proper functionality and, consequently, our physical well being. While great deal of research was invested in the traditional attack vectors targeting these devices, the ecosystem managing and interacting with them was not thoroughly examined. It's time to take a look at the big picture.

In this talk we explain the ecosystem in which automotive vendors interact with car ECUs. We will discuss the various attack vectors against each component in the ecosystem and the implication regarding the other components. We will also explore possible complications of this ecosystem's vulnerabilities.

Finally, we will publish our research methods and some of our tools. We will also share some tips and insights from our on-going research.


Presenters:

  • Liran Zwickel
    Liran is a cyber security researcher at Enigmatos, specializes in embedded low-level systems, and experienced with linux internals and kernel. Liran has a demonstrated history of 6 years experience as an officer in the IDF, participating in a wide variety of projects in the cyber domain. Liran has B.Sc in Computer Science and today the leads various automotive security research projects at Enigmatos.
  • Alex Fok
    Alex is the CTO of Enigmatos, an Automotive Cyber Security company. Alex brings twenty years of experience of software development in leading Israeli and US High Tech companies. Alex has lead various development projects as Group Manager, Architect and CTO. Alex was Chief Architect of ooVoo - High Scale Software As a Service platform, handling hundreds of millions of customers worldwide. Alex was CheckPoint Big Data Architect leading several projects focused on Big Data and Machine Learning in Cyber Security domain. Alex holds B.Sc in Computer Science and MBA. In his free time Alex likes to run ultramarathons and conduct fun security research.
  • Yannay Livneh
    Yannay is a security researcher at Enigmatos interested in Linux, Low-Level Vulnerabilities and Exploits, Embedded Devices and everything nice. Yannay also enjoys playing CTF every now and then, injure his tendons on V8 bouldering problems and write about himself in third person. In the last years Yannay found some nice vulnerabilities and developed some general exploitation techniques which he published in conferences, blogs and magazines such as PoC, CCC, HITCON, PoC||GTFO and others. Before having an adult civil life, Yannay served as a researcher and developer in the IDF after graduating his bachelor's degree in C.S. at the age of 18.

Links:

Tags:

Similar Presentations: