Automotive computers, or Electronic Control Units (ECU), were originally introduced to help with fuel efficiency and emissions problems of the 1970s but evolved into integral parts of in-car entertainment, safety controls, and enhanced automotive functionality. This presentation will examine some controls in two modern automobiles from a security researcherís point of view. We will first cover the requisite tools and software needed to analyze a Controller Area Network (CAN) bus. Secondly, we will demo software to show how data can be read and written to the CAN bus. Then we will show how certain proprietary messages can be replayed by a device hooked up to an ODB-II connection to perform critical car functionality, such as braking and steering. Finally, weíll discuss aspects of reading and modifying the firmware of ECUs installed in todayís modern automobile..The smart money is betting that security wasn't an afterthought, it wasn't thought of at all.
Charlie Miller (@0xcharlie) is a security engineer at Twitter. Back when he still had time to research, he was the first with a public remote exploit for both the iPhone and the G1 Android phone. He is a four time winner of the CanSecWest Pwn2Own competition. He has authored three information security books and holds a PhD from the University of Notre Dame. Charlie spends his free time trying to get back together with Apple, but sadly they still list their relationship status as "It's complicated".
Chris Valasek (@nudehaberdasher) is the Director of Security Intelligence at IOActive, an industry leader that offers comprehensive computer security services, where he specializes in attack methodologies, reverse engineering and exploitation techniques. While widely regarded for his research on Windows heap exploitation, Valasek also regularly speaks on the security industry conference circuit on a variety of topics. His previous tenures include Coverity, Accuvant LABS and IBM/ISS. He is also the Chairman of SummerCon, the nationís oldest hacker conference. He holds a B.S. in Computer Science from the University of Pittsburgh..
Tuesday, June 25, 2013
Have you hacked a Ford lately?
You'll be able to after a presentation at the DEFCON 21 security conference: