In vehicle CAN network security
An overview
Bogdan-Ioan Şuta
• System manager at AtoS IT Solutions and
Services
• Former Embedded C developer at Hella
Romania
• Graduated Master in Automotive Embedded
Software from "Politehnica" University of
Timisoara
• Interested in computers, cars and anything in
between
Overview

IN VEHICLE NETWORKS
In vehicle networks
• Used for information sharing between ECUs
(Electronic Control Unit)
• Reduce the number of wires needed inside a
vehicle between ECUs
• Come in many forms:
– By medium: two-wire, one-wire, optical, wireless
– By protocol: Ethernet, CAN, LIN, FlexRay, MOST, K
Line etc.
In vehicle networks
Overview

CONTROLLER AREA NETWORK
Controller Area Network
• Developed by Robert Bosch GmbH in 1983
• Designed for electrically noisy environments
• Baud rates of up to 1Mb/s
• Broadcast type network
• Frames composed of (minimalistic):
– ID field – used for arbitration – either 11 or 24 bits long
– Data Field – actual transported data – up to 8 bytes
– CRC Field – for error correction – 15 bits
HACKING VEHICLE NETWORKS
Hacking vehicle networks
• MIT did it:
– Comprehensive Experimental Analyses of Automotive Attack Surfaces http://youtu.be/bHfOziIwXic
• Blogs made tutorials for it:
– Hack a day http://hackaday.com/2013/10/21/can-hacking-introductions/
• Individuals also tried their luck:
– http://secuduino.blogspot.ro/2011/04/grupo-volkswagen-can-confort.html
Hacking vehicle networks
• Various hardware is available to do it:
– The OpenXC Platform http://openxcplatform.com/
– Arduino shields are available http://www.skpang.co.uk/catalog/arduinocanbus-shield-with-usd-card-holder-p-706.html
– Custom – any microcontroller with a CAN controller and a CAN transceiver will work
MY ATTEMPTS

At hacking the CAN bus
Proposition
• Connect to the CAN bus
• Identify messages being transmitted on the
bus
• Perform spoofing and flood attacks
• Do not get into diagnostic based attacks
(change odometer, disable immobilizer)
Setup
• VW Passat 2001
• Breadboard
• mBed LPC 1768 development board
• 2x Microchip MCP 2551 CAN transceivers
• PC with Tera Term used for communicating with the mBed
• mBed programmed for CAN monitoring, flooding and spoofing
• First connection attempt:
– Male OBD-II connector connected to the diagnostic port of the car
• Second attempt:
– Twisted pair of conductors from a CAT-5 cable connected at the back of the VW Climatronic
FIRST ATTEMPT

Using OBD connector
OBD Cable
First attempt: FAILED
• Communication was not possible
• Subject car does not have CAN on the OBD-II
Connector
• Only K line was present
SECOND ATTEMPT

Direct connection
Connection to car
Second attempt: SUCCESS
• A few tries and some info from: http://secuduino.blogspot.ro/2011/04/grupo-volkswagen-can-confort.html
• Connected to Convenience CAN
• Baud rate of 100kb/s
• Communication established
A bit of sniffing…
• Found CAN messages from
– Door locks
– Electric windows
• Position of window
• Status of button (pressed, not pressed)

– Instruments backlighting value
– Lots of other data that I couldn’t find a correlation for
Some spoofing…
• Sending commands that would originate from
the Body Control Module
Power windows

VIDEO
And some flooding
• Sending a very high priority CAN message on
the network continuously
• Using hardware interrupts so no delays occur
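Seen from the monitoring side, both the spoofing and the flooding described above change how often an identifier appears on the bus. The following added example (not part of the original slides) learns each identifier's period from a clean capture and flags identifiers that are unknown or arrive faster than learned; the log layout, the identifiers 0x2C1, 0x381 and 0x000, and all timings are constructed for the demonstration and are not taken from the car in the talk.

```python
import re
from collections import defaultdict, deque
from statistics import median

# Assumed log layout: "(seconds.micros) interface ID#HEXDATA", 11-bit IDs only.
LINE = re.compile(r"\((\d+\.\d+)\)\s+\S+\s+([0-9A-Fa-f]{3})#((?:[0-9A-Fa-f]{2}){0,8})$")


def parse(lines):
    """Turn log lines into (timestamp, can_id, data) tuples, skipping junk."""
    frames = []
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            frames.append((float(m.group(1)), int(m.group(2), 16),
                           bytes.fromhex(m.group(3))))
    return frames


def learn_periods(frames):
    """Median inter-arrival time per identifier, from a capture known to be clean."""
    seen = defaultdict(list)
    for ts, can_id, _ in frames:
        seen[can_id].append(ts)
    return {cid: median(b - a for a, b in zip(t, t[1:]))
            for cid, t in seen.items() if len(t) > 2}


def detect(frames, periods, window=1.0, factor=1.5):
    """Return (timestamp, can_id, kind) alerts, one per identifier and kind.

    unknown-id: identifier never seen in the baseline (e.g. a flood on a new,
                very high-priority ID).
    rate:       more frames inside the sliding window than the learned period
                allows, which is what an injected copy of a periodic message
                looks like, because the legitimate sender keeps transmitting.
    """
    recent = defaultdict(deque)
    alerted, alerts = set(), []
    for ts, can_id, _ in frames:
        if can_id not in periods:
            kind = "unknown-id"
        else:
            q = recent[can_id]
            q.append(ts)
            while q[0] <= ts - window:          # drop frames older than the window
                q.popleft()
            limit = factor * window / periods[can_id]
            kind = "rate" if len(q) > limit else None
        if kind and (can_id, kind) not in alerted:
            alerted.add((can_id, kind))
            alerts.append((ts, can_id, kind))
    return alerts


def constructed_log(start_us, spoof=False, flood=False):
    """Build a constructed 2-second capture (not real vehicle traffic)."""
    events = []
    for i in range(40):                          # 0x2C1 every 50 ms
        events.append((start_us + i * 50_000, 0x2C1, "00"))
    for i in range(20):                          # 0x381 every 100 ms
        events.append((start_us + i * 100_000, 0x381, "0100"))
        if spoof:                                # extra copy 10 ms after each one
            events.append((start_us + i * 100_000 + 10_000, 0x381, "0200"))
    if flood:                                    # 0x000 every 1 ms, 200 frames
        for i in range(200):
            events.append((start_us + 1_000_000 + i * 1_000, 0x000, ""))
    events.sort()
    return ["(%d.%06d) can0 %03X#%s" % (t // 10**6, t % 10**6, cid, data)
            for t, cid, data in events]


if __name__ == "__main__":
    periods = learn_periods(parse(constructed_log(0)))
    capture = parse(constructed_log(10_000_000, spoof=True, flood=True))
    for ts, can_id, kind in detect(capture, periods):
        print("%.3f  ID 0x%03X  %s" % (ts, can_id, kind))
```

A rate check like this only covers periodic messages; event-driven identifiers need a different baseline.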
Car door locks

VIDEO
Security issues
• No authentication of nodes
• Messages are not scrambled
• Security by obscurity
Counter measures
• Researched and developed by many universities and
companies:
– Efficient Protocols For Secure Broadcast In Controller Area
Networks - http://www.aut.upt.ro/~bgroza/Papers/CANSec.pdf
– LiBrA-CAN: Lightweight Broadcast Authentication for
Controller Area Networks http://www.aut.upt.ro/~bgroza/Papers/LIBRA.pdf
– Broadcast Authentication in a Low Speed Controller Area
Network http://www.aut.upt.ro/~bgroza/Papers/CANAut.pdf
– Low cost multicast network authentication for embedded
control systems http://128.2.129.29/research/publications/2012/CMUECE-2012-011.pdf
– Many more
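To make the "no authentication of nodes" issue concrete, here is an added sketch (not from the slides, and not the protocol of any paper listed above) of a generic scheme that fits a truncated message authentication code and a freshness counter into the 8-byte data field. The 3+1+4 byte layout, the pre-shared key and the class names are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import struct

DATA_LEN = 3   # application bytes left in the 8-byte data field (assumption)
MAC_LEN = 4    # truncated tag bytes carried in each frame (assumption)


def _tag(key, can_id, counter, data):
    """HMAC-SHA256 over ID, full 32-bit counter and data, truncated to MAC_LEN."""
    msg = struct.pack(">HI", can_id, counter) + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


class Sender:
    """Node that owns one identifier and a monotonically increasing counter."""

    def __init__(self, key, can_id):
        self.key, self.can_id, self.counter = key, can_id, 0

    def build(self, data):
        """Return the 8-byte payload: data | low counter byte | truncated tag."""
        if len(data) != DATA_LEN:
            raise ValueError("data must be %d bytes" % DATA_LEN)
        self.counter += 1
        tag = _tag(self.key, self.can_id, self.counter, data)
        return data + bytes([self.counter & 0xFF]) + tag


class Receiver:
    """Node that accepts a frame only if it is authentic and fresh."""

    def __init__(self, key):
        self.key = key
        self.last = {}                     # can_id -> last accepted full counter

    def accept(self, can_id, payload):
        """Return the application data, or None if the frame must be dropped."""
        if len(payload) != DATA_LEN + 1 + MAC_LEN:
            return None
        data = payload[:DATA_LEN]
        low = payload[DATA_LEN]
        tag = payload[DATA_LEN + 1:]
        last = self.last.get(can_id, 0)
        # Rebuild the full counter from its low byte; it must move forward,
        # so a replayed frame is checked against a counter it was not made for.
        counter = (last & ~0xFF) | low
        if counter <= last:
            counter += 0x100
        if not hmac.compare_digest(tag, _tag(self.key, can_id, counter, data)):
            return None
        self.last[can_id] = counter
        return data


if __name__ == "__main__":
    key = b"constructed-demo-key"          # constructed value, not a real key
    tx, rx = Sender(key, 0x381), Receiver(key)
    frame = tx.build(b"\x01\x00\x00")
    print("first delivery:", rx.accept(0x381, frame))
    print("replayed frame:", rx.accept(0x381, frame))
    forged = Sender(b"guessed key", 0x381).build(b"\x01\x00\x00")
    print("forged frame:  ", rx.accept(0x381, forged))
```

The cost is visible in the layout: five of the eight data bytes go to security, and a 32-bit tag is a trade-off between bus bandwidth and forgery resistance.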
CONCLUSIONS
Conclusions
• Hacking vehicle networks is EASY
• Through trial and error much information can
be obtained -> security by obscurity is not
sufficient
• With great power comes great responsibility
– Getting information from the vehicle bus can
enhance use of the vehicle
– People with bad intentions can cause damages
and injuries
Contributors
• Ioan Dubar
• Alexandru Leipnik
• Bogdan Groza
• Alexandru George Andrei
• My parents
Thank you.

Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platforms
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdf
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 

DefCamp 2013 - In vehicle CAN network security

  • 1. In vehicle CAN network security An overview
  • 2. Bogdan-Ioan Şuta • System manager at AtoS IT Solutions and Services • Former Embedded C developer at Hella Romania • Graduated Master in Automotive Embedded Software from "Politehnica" University of Timisoara • Interested in computers, cars and anything in between
  • 4. In vehicle networks • Used for information sharing between ECUs (Electronic Control Unit) • Reduce the number of wires needed inside a vehicle between ECUs • Come in many forms: – By medium: two-wire, one-wire, optical, wireless – By protocol: Ethernet, CAN, LIN, FlexRay, MOST, K Line etc.
  • 7. Controller Area Network • Developed by Robert Bosch GmbH in 1983 • Designed for electrically noisy environments • Baud rates of up to 1Mb/s • Broadcast type network • Frames composed of (minimalistic): – ID field – used for arbitration – either 11 or 24 bits long – Data Field – actual transported data – up to 8 bytes – CRC Field – for error correction – 15 bits
  • 9. Hacking vehicle networks • MIT did it: – Comprehensive Experimental Analyses of Automotive Attack Surfaces http://youtu.be/bHfOziIwXic • Blogs made tutorials for it: – Hack a day http://hackaday.com/2013/10/21/can-hacking-introductions/ • Individuals also tried their luck: – http://secuduino.blogspot.ro/2011/04/grupo-volkswagen-can-confort.html
  • 10. Hacking vehicle networks • Various hardware is available to do it: – The OpenXC Platform http://openxcplatform.com/ – Arduino shields are available http://www.skpang.co.uk/catalog/arduinocanbus-shield-with-usd-card-holder-p-706.html – Custom – any microcontroller with a CAN controller and a CAN transceiver will work
  • 11. At hacking the CAN bus MY ATTEMPTS
  • 12. Proposition • Connect to the CAN bus • Identify messages being transmitted on the bus • Perform spoofing and flood attacks • Do not get into diagnostic based attacks (change odometer, disable immobilizer)
  • 13. Setup • VW Passat 2001 • Breadboard • mBed LPC 1768 development board • 2x Microchip MCP 2551 CAN transceivers • PC with TerraTerm used for communicating with the mBed • mBed programmed for CAN monitoring, flooding and spoofing • First connection attempt: – Male OBD-II connector connected to the diagnostic port of the car • Second attempt: – Twisted pair of conductors from a CAT-5 cable connected at the back of the VW Climatronic
  • 17. First attempt: FAILED • Communication was not possible • Subject car does not have CAN on the OBD-II Connector • Only K line was present
  • 20. Second attempt: SUCCESS • A few tries and some info from: http://secuduino.blogspot.ro/2011/04/grupo-volkswagen-can-confort.html • Connected to Convenience CAN • Baud rate of 100kb/s • Communication established
  • 21. A bit of sniffing… • Found CAN messages from – Door locks – Electric windows • Position of window • Status of button (pressed, not pressed) – Instruments backlighting value – Lots of other data that I couldn’t find a correlation for
  • 22. Some spoofing… • Sending commands that would originate from the Body Control Module
  • 24. And some flooding • Sending a very high priority CAN message on the network continuously • Using hardware interrupts so no delays occur
  • 26. Security issues • No authentication of nodes • Messages are not scrambled • Security by obscurity
  • 27. Counter measures • Researched and developed by many universities and companies: – Efficient Protocols For Secure Broadcast In Controller Area Networks - http://www.aut.upt.ro/~bgroza/Papers/CANSec.pdf – LiBrA-CAN: Lightweight Broadcast Authentication for Controller Area Networks - http://www.aut.upt.ro/~bgroza/Papers/LIBRA.pdf – Broadcast Authentication in a Low Speed Controller Area Network - http://www.aut.upt.ro/~bgroza/Papers/CANAut.pdf – Low cost multicast network authentication for embedded control systems - http://128.2.129.29/research/publications/2012/CMUECE-2012-011.pdf – Many more
  • 29. Conclusions • Hacking vehicle networks is EASY • Through trial and error much information can be obtained -> security by obscurity is not sufficient • With great power comes great responsibility – Getting information from the vehicle bus can enhance use of the vehicle – People with bad intentions can cause damage and injuries
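
A receive-side check for the flooding described on slide 24, as an added example that is not code from the presentation: it flags any single ID whose frames occupy more than a set share of the bus in one window. The 100 kb/s rate is from slide 20; the window, threshold, IDs 0x291 and 0x000, and the idealized trace are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define BITRATE   100000u  /* 100 kb/s, the Convenience CAN rate from slide 20 */
#define WINDOW_US 100000u  /* assumed 100 ms observation window */
#define MAX_IDS   32u      /* assumed bound on distinct IDs tracked per window */

/* Receive record: timestamp in microseconds, 11-bit ID, payload length. */
typedef struct { uint32_t t_us; uint16_t id; uint8_t dlc; } frame_t;

/* Worst-case on-wire bits of an 11-bit-ID data frame, counting bit
   stuffing and the 3-bit interframe space (135 bits for 8 data bytes). */
static uint32_t frame_bits(uint8_t dlc) {
    uint32_t n = dlc > 8 ? 8 : dlc;
    return 8 * n + 47 + (34 + 8 * n - 1) / 4;
}

/* Returns the first ID whose frames exceed limit_pct of the bus capacity
   in the window starting at win_start, or -1 if no single ID does. */
int flooding_id(const frame_t *f, size_t n, uint32_t win_start, uint32_t limit_pct) {
    uint16_t ids[MAX_IDS];
    uint32_t bits[MAX_IDS];
    size_t used = 0;
    const uint32_t capacity = (uint32_t)((uint64_t)BITRATE * WINDOW_US / 1000000u);
    for (size_t i = 0; i < n; i++) {
        if (f[i].t_us < win_start || f[i].t_us - win_start >= WINDOW_US)
            continue;                       /* frame lies outside the window */
        size_t k = 0;
        while (k < used && ids[k] != f[i].id) k++;
        if (k == used) {
            if (used == MAX_IDS) continue;  /* table full: skip unseen IDs */
            ids[used] = f[i].id;
            bits[used] = 0;
            used++;
        }
        bits[k] += frame_bits(f[i].dlc);
        if (bits[k] * 100u > capacity * limit_pct) return ids[k];
    }
    return -1;
}

/* Constructed trace: ID 0x291 every 20 ms; with flood set, ID 0x000
   (wins every arbitration) every 2 ms. Timestamps are idealized. */
size_t build_trace(frame_t *out, size_t cap, int flood) {
    size_t n = 0;
    for (uint32_t t = 0; t < WINDOW_US && n < cap; t += 20000u)
        out[n++] = (frame_t){ t, 0x291, 8 };
    for (uint32_t t = 1000u; flood && t < WINDOW_US && n < cap; t += 2000u)
        out[n++] = (frame_t){ t, 0x000, 8 };
    return n;
}
```

A load check like this only detects flooding; it does nothing about the missing node authentication from slide 26, which is what the protocols on slide 27 address.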