Car Hacking for Ethical Hackers

Similar documents
Modern Automotive Vulnerabilities: Causes, Disclosure & Outcomes Stefan Savage UC San Diego

The Remote Exploitation of Unaltered Passenger Vehicles Revisited. 20 th October 2016 Mark Pitchford, Technical Manager, EMEA

Experimental Security Analysis of a Modern Automobile

Security Analysis of modern Automobile

Offense & Defense in IoT World. Samuel Lv Keen Security Lab, Tencent

PENETRATION TESTING OF AUTOMOTIVE DEVICES. Dr. Ákos Csilling Robert Bosch Kft., Budapest HUSTEF 15/11/2017

Automotive Cybersecurity: Why is it so Difficult? Steven W. Dellenback, Ph.D. Vice President R&D Intelligent Systems Division

Security Concerns in Automotive Systems. James Martin

Preventing Cyber Attacks on Aftermarket Connectivity Solutions Zach Blumenstein, BD Director Argus Cyber Security

Secure Software Update for ITS Communication Devices in ITU-T Standardization

Security Issues in Controller Area Networks in Automobiles

An Experimental Analysis of the SAE J1939 Standard

Convergence of Safety, Systems & Cybersecurity Bill StClair, Director, LDRA, US Operations

Diagnostic Trends 2017 An Overview

Automotive Attack Surfaces. UCSD and University of Washington

CONTROLLER AREA NETWORK (CAN) DEEP PACKET INSPECTION. Görkem Batmaz, Systems Engineer Ildikó Pete, Systems Engineer 28 th March, 2018

Development of Intrusion Detection System for vehicle CAN bus cyber security

TELE3119 Trusted Networks Lab 1(a),(b) Sniffing wireless traffic

How to Hack Your Mini Cooper: Reverse Engineering CAN Messages on Passenger Automobiles

Securing the Connected Car. Eystein Stenberg Product Manager Mender.io

Connect Vehicles: A Security Throwback

Automotive Anomaly Monitors and Threat Analysis in the Cloud

Future Implications for the Vehicle When Considering the Internet of Things (IoT)

Automobile Design and Implementation of CAN bus Protocol- A Review S. N. Chikhale Abstract- Controller area network (CAN) most researched

Securing the Connected Car. Eystein Stenberg CTO Mender.io

Hacking the CAN Bus: Basic Manipulation of a Modern Automobile Through CAN Bus Reverse Engineering

Vehicle To Android Communication Mode

Securing the Autonomous Automobile

Hardening Attack Vectors to cars by Fuzzing

The case for a Vehicle Gateway.

Examining future priorities for cyber security management

13W-AutoSPIN Automotive Cybersecurity

EVOLVE-R INSTALLATION MANUAL BMW E46 M3

BOSCH CASE STUDY. How Bosch Has Benefited from GENIVI Adoption

EVOLVE-R INSTALLATION MANUAL BMW X5/6M

A NEW CONCEPT IN OTA UPDATING FOR AUTOMOTIVE

Autorama, Connecting Your Car to

CSC 4992 Cyber Security Practice

Cybersecurity Challenges for Connected and Automated Vehicles. Robert W. Heller, Ph.D. Program Director R&D, Southwest Research Institute

Security and Performance Benefits of Virtualization

Black Hat USA 2016 Survey Report

Presentation's title

Agenda. About TRL. What is the issue? Security Analysis. Consequences of a Cyber attack. Concluding remarks. Page 2

Application. Diagnosing the dashboard by the CANcheck software. Introduction

SIMPLIFYING THE CAR. Helix chassis. Helix chassis. Helix chassis WIND RIVER HELIX CHASSIS WIND RIVER HELIX DRIVE WIND RIVER HELIX CARSYNC

CANSPY A Platform for Auditing CAN Devices

Vehicle Electronic Security and "Hacking" Your Car

Fast and Vulnerable A Story of Telematic Failures

VEHICLE FORENSICS. Infotainment & Telematics Systems. Berla Corporation Copyright 2015 by Berla. All Rights Reserved.

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline

Turbocharging Connectivity Beyond Cellular

SECURIFY: A COMPOSITIONAL APPROACH OF BUILDING SECURITY VERIFIED SYSTEM

KPIT S Connected Vehicle Practice

Emerging Requirements for Next Generation Systems on Module (SOMs) and Single-Board Computers (SBCs)

Countermeasures against Cyber-attacks

Automotive Cyber Security

Conquering Complexity: Addressing Security Challenges of the Connected Vehicle

e-pg Pathshala Subject : Computer Science Paper: Embedded System Module: Microcontrollers and Embedded Processors Module No: CS/ES/2 Quadrant 1 e-text

Intrusion Detection Adapted for Automotive Challenges for Hardware - An Implementation Example

Current Security Issue Demonstration Paper: Exploiting ZigBee Networks

The modern car has 100 million lines of code and over half of new vehicles will be connected by 2020.

Automotive Cybersecurity: Meeting the High-Stakes Challenge

Contents in Detail. Acknowledgments

Uptane. Securing Over-the-Air Updates Against Nation State Actors. Justin Cappos New York University

ELEC 5260/6260/6266 Embedded Computing Systems

The Future of Mobility

Adversary Models. CPEN 442 Introduction to Computer Security. Konstantin Beznosov

from SCADA to IoT Cyber Security Bogdan Matache - Romania 2015

IS CAR HACKING OVER? AUTOSAR SECURE ONBOARD COMMUNICATION

Used Delightedly, User-Friendly MARUTI,MAZDA,MITSUBISHI,NISSAN,SUBARU,SUZUKI,TOYOTA, TATA, CHRYSLER, 8

User s Guide Version 0.5.1

Fig Data flow diagram and architecture when using the TCUP Cloud Server for PaaS for the Developers and large

ENABLING MOBILE INTERFACE BRIDGING IN ADAS AND INFOTAINMENT APPLICATIONS

AUTOMOBILE APPLICATIONS USING CAN PROTOCOL

OBD Auto Doctor. User Manual for ios (iphone and ipad) Copyright 2018 Creosys Ltd

Security Challenges with ITS : A law enforcement view

Automotive Cybersecurity: A steep learning curve

Innovation policy for Industry 4.0

Overview on CMS presentation sharing with Skype for Business using Expressway-E as TURN server - Cisco

Preliminary Design Report A Wireless ECU Monitoring System Team WEMS 27 January 2009

TELE3119 Trusted Networks Lab 1 (a), (b) Sniffing wireless traffic

SupverVAG K+CAN User Manual

ELEC 5260/6260/6266 Embedded Computing Systems

Design & separation of CAN applications

Uptane: Securely Updating Automobiles. Sam Weber NYU 14 June 2017

Spectrum for Intelligent Transport Systems

CAN Obfuscation by Randomization (CANORa)

HARDSPLOIT. Framework for Hardware Security Audit a bridge between hardware & a software pentester

Assignment 4. Developing Operational Profiles. Due Date: November 21, Group Number: 6

Lab 1: Packet Sniffing and Wireshark

Syslog Technologies Innovative Thoughts

Mentor Automotive Save Energy with Embedded Software! Andrew Patterson Presented to CENEX 14 th September 2016

SECURING THE CONNECTED ENTERPRISE.

VS Omni. Consumer How-To Guide. CTSG-VSO100a. Copyright 2018 Hayward Industries Inc.

StealthOne Owner s Manual StealthOne Software Version 1.6

Advanced Ethical Hacking & Penetration Testing. Ethical Hacking

iobd2 MFi BT VAG Adapter User Manual

The House Intelligent Switch Control Network based On CAN bus

Introduction to Networked Embedded Systems and Course Description. Song Han Office: ITEB 355

WeVe: When Smart Wearables Meet Intelligent Vehicles

Transcription:

Car Hacking for Ethical Hackers Dr. Bryson Payne, GPEN, CEH, CISSP UNG Center for Cyber Operations (CAE-CD) 2016-2021 Languages Leadership Cyber

Why Car Hacking? Internet-connected and self-driving cars have become more commonplace datacenters on wheels Highly publicized hacks against production cars in the news Securing smart cars is matter of public and individual safety Integrates well into an ethical hacking/reverse engineering course or program of study, across all 7 NICE CWF categories

Introduction Self-driving cars have logged millions of miles with significantly fewer accidents than human drivers Rapid adoption of driver-assist, semi-autonomous, and internet-connected features makes Car Hacking timely topic Automobile networks increasingly complex, 10 s of millions of lines of code, decades-old protocols with little security Tools needed to access Controller Area Networks (CAN) range from under $20 to $80 USD, plus open-source utils

Goals Describe implementation of hands-on car-hacking module in an ethical hacking computer security course Detailed setup of free, open-source car-hacking tools Demonstration of a replay attack on a virtual CAN network Show low-cost tools needed to test vehicle security in real automobiles Using Kali Linux, can-utils, ICSim, scantool, Wireshark, tcpdump -> crossover with pentesting, NetSec, IoTSec

Background Automobiles increasingly sophisticated but CAN bus is largely unchanged, unauthenticated UDP network since 1991 2016 Ford F150 unveiled at CES: 150 million lines of code?!?! Broad attack surfaces: Bluetooth, Wi-Fi, 4G LTE, USB, OBD-II Car hacking shares similarities with hacking other networked devices: network sniffer, open-source tools, reverse engineer Good tie-in to ethical hacking/reveng/netsec courses

Intro to the CAN Bus CAN (controller area network) bus enables communication between the vehicle s sensors and its various electronic control units (ECUs) Modern production cars can have 70 or more ECUs: engine, airbags, anti-lock brakes, tail lights, entertainment system, Message-based protocol standardized in 1991 by Bosch UDP fewer comm delays, broadcast over fewer wires 8-16 bytes, no addresses, just priority value/id

Brief History of Car-Hacking 2011 UCSD (Checkoway et al.) hack 2011 Chevy Malibu lock up brakes while driving w/ two different remote attacks 2015 Miller and Valasek remotely controlled steering, braking, acceleration, A/C, stereo, etc. in 2015 Jeep Cherokee Researchers recommended TLS encryption were shocked to learn CAN would need to implement TCP first 2016 Tesla Model S, 2018 BMW i3 by Tencent s Keen Security Lab

Open-Source Toolkits for Car Hacking CAN Utilities (can-utils) included in some Linux distros, most package installer repositories Instrument Cluster Simulator (ICSim) from OpenGarages.org Scantool, Wireshark, tcpdump Easy to set up on Kali Linux Other favorites?

Implementation Virtual machine running Kali Linux (VBox, VMware) Dependencies: sudo apt-get update sudo apt-get install libsdl2-dev libsdl2-image-dev sudo apt-get install can-utils Install ICSim: git clone https://github.com/zombiecraig/icsim.git

Implementation (cont) Prepare Virtual CAN Network: sh ICSim/setup_vcan.sh Verify vcan0 network link is active: ifconfig Run ICSim in three terminal windows: ~/ICSim/icsim vcan0 ~/ICSim/controls vcan0 cansniffer -c vcan0

DEMO: Replay Attack Replay attack is classic, works on many IoT and some ICS systems Capture CAN bus packets: candump -l vcan0 {-l is lowercase L for log } Replay CAN bus packets: canplayer -I candump-2018-07-23_083845.log Turn off controller window, ICSim will run from log data

Extending to Real Life Automobiles Easy first step is just displaying OBD-II (on-board diagnostic port) data on PC/Mac/Linux ScanTool (free, open-source) and an OBDLink cable ($29) give you full OBD access ScanTool: sudo apt-get install scantool scantool Connect OBDLink to your Kali VM Devices > USB > ScanTool OBDLink

Car Hacking on a Real Automobile OBDLink may be readable on ttyusb/usbmonx as serial data, but unreliable in practice Need true CAN to USB connection Cheapest: CANable $29.95 shown here-> from canable.io direct wiring to CAN pins Less MacGyver-ish and more durable: CANtact ($65) plus OBD-CAN cable ($10) shown here ->

Further Extension: Hack the Car Hacking SW ICSim is open-source, as are can-utils, scantool, etc. Fun extension: hack the car-hacking tools! Change the max speed of the ICSim dashboard speedometer: In controls.c, change #define MAX_SPEED 90.0 to #define MAX_SPEED 300.0 Then, make and run

Conclusion You can set up free, open-source car-hacking software for your classes and for your own automotive security research Go to BrysonPayne.com for a shortened/condensed version of these instructions JCERP publication forthcoming with full, step-by-step instructions, all commands, references, resources

UNG Center for Cyber Operations Education NSA/DHS National Center of Academic Excellence in Cyber Defense (CAE-CD) 2016-2021 Languages Leadership Cyber http://www.ung.edu/cyber

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback