SECURITY OF VEHICLE TELEMATICS SYSTEMS. Daniel Xiapu Luo Department of Computing The Hong Kong Polytechnic University

Similar documents
C1: Define Security Requirements

OWASP Top David Caissy OWASP Los Angeles Chapter July 2017

OWASP TOP Release. Andy Willingham June 12, 2018 OWASP Cincinnati

OWASP Review. Amherst Security Group June 14, 2017 Robert Hurlbut.

Your Turn to Hack the OWASP Top 10!

Applications Security

Certified Secure Web Application Engineer

OWASP Top 10 The Ten Most Critical Web Application Security Risks

OPEN WEB APPLICATION SECURITY PROJECT OWASP TOP 10 VULNERABILITIES

SECURITY TESTING. Towards a safer web world

Andrew Muller, Canberra Managing Director, Ionize, Canberra The challenges of Security Testing. Security Testing. Taming the Wild West

OWASP Top 10 Risks. Many thanks to Dave Wichers & OWASP

Application Security Introduction. Tara Gu IBM Product Security Incident Response Team

Automotive Cyber Security

Students should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite:

Bank Infrastructure - Video - 1

Atlassian. Atlassian Software Development and Collaboration Tools. Bugcrowd Bounty Program Results. Report created on October 04, 2017.

Web Application Vulnerabilities: OWASP Top 10 Revisited

Finding Architectural Flaws in Android Apps Is Easy

Application Security Approach

Web Application Security. Philippe Bogaerts

6-Points Strategy to Get Your Application in Security Shape

Penetration Testing following OWASP. Boyan Yanchev Chief Technology Ofcer Peter Dimkov IS Consultant

DEFENSIVE PROGRAMMING. Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology

CSWAE Certified Secure Web Application Engineer

Application. Security. on line training. Academy. by Appsec Labs

1 About Web Security. What is application security? So what can happen? see [?]

EPRI Software Development 2016 Guide for Testing Your Software. Software Quality Assurance (SQA)

Web Applications Penetration Testing

Attacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14

PRESENTED BY:

Solutions Business Manager Web Application Security Assessment

Students should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite:

What Ails Our Healthcare Systems?

GOING WHERE NO WAFS HAVE GONE BEFORE


Trusted Platform Modules Automotive applications and differentiation from HSM

OWASP TOP 10. By: Ilia

Tale of a mobile application ruining the security of global solution because of a broken API design. SIGS Geneva 21/09/2016 Jérémy MATOS

Web Application Threats and Remediation. Terry Labach, IST Security Team

UNECE WP29/TFCS Regulation standards on threats analysis (cybersecurity) and OTA (software update)

SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications

Application Layer Security

Security Communications and Awareness

Copyright

TIBCO Cloud Integration Security Overview

COMP9321 Web Application Engineering

Security Concerns in Automotive Systems. James Martin

Kishin Fatnani. Founder & Director K-Secure. Workshop : Application Security: Latest Trends by Cert-In, 30 th Jan, 2009

EasyCrypt passes an independent security audit

Mobile Malfeasance. Exploring Dangerous Mobile Code. Jason Haddix, Director of Penetration Testing

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Aguascalientes Local Chapter. Kickoff

THREAT MODELING IN SOCIAL NETWORKS. Molulaqhooa Maoyi Rotondwa Ratshidaho Sanele Macanda

Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any

IoT & SCADA Cyber Security Services

01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED

W e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s

Introductions. Jack Katie

Application vulnerabilities and defences

Adversary Models. CPEN 442 Introduction to Computer Security. Konstantin Beznosov

SAP Security. BIZEC APP/11 Version 2.0 BIZEC TEC/11 Version 2.0

The Android security jungle: pitfalls, threats and survival tips. Scott

GUI based and very easy to use, no security expertise required. Reporting in both HTML and RTF formats - Click here to view the sample report.

Automotive Anomaly Monitors and Threat Analysis in the Cloud

Ethical Hacking as a Professional Penetration Testing Technique ISSA Southern Tier & Rochester Chapters

PENETRATION TESTING OF AUTOMOTIVE DEVICES. Dr. Ákos Csilling Robert Bosch Kft., Budapest HUSTEF 15/11/2017

OWASP Thailand. Proxy Caches and Web Application Security. OWASP AppSec Asia October 21, Using the Recent Google Docs 0-Day as an Example

Drone /12/2018. Threat Model. Description. Threats. Threat Source Risk Status Date Created

SOLUTION BRIEF CA API MANAGEMENT. Enable and Protect Your Web Applications From OWASP Top Ten With CA API Management

WEB APPLICATION SCANNERS. Evaluating Past the Base Case

Secure Ethernet Communication for Autonomous Driving. Jared Combs June 2016

IBM Future of Work Forum

Managed Application Security trends and best practices in application security

Internet of Things. Internet of Everything. Presented By: Louis McNeil Tom Costin

Attacks Against Websites. Tom Chothia Computer Security, Lecture 11

NC1701 ENHANCED VEHICLE COMMUNICATIONS CONTROLLER

Large Scale Generation of Complex and Faulty PHP Test Cases

Exploiting and Defending: Common Web Application Vulnerabilities

Preventing External Connected Devices From Compromising Vehicle Systems Vector Congress November 7, 2017 Novi, MI

Integrity attacks (from data to code): Cross-site Scripting - XSS

Security: Internet of Things

OWASP Top David Johansson. Principal Consultant, Synopsys. Presentation material contributed by Andrew van der Stock

Security Communications and Awareness

MBFuzzer - MITM Fuzzing for Mobile Applications

PEACHTECH PEACH API SECURITY AUTOMATING API SECURITY TESTING. Peach.tech

Development of Intrusion Detection System for vehicle CAN bus cyber security

"Charting the Course to Your Success!" Securing.Net Web Applications Lifecycle Course Summary

eb Security Software Studio

COMP9321 Web Application Engineering

Sichere Webanwendungen mit Java

Mitigating Security Breaches in Retail Applications WHITE PAPER

Sicherheitsaspekte für Flashing Over The Air in Fahrzeugen. Axel Freiwald 1/2017

Using Open Tools to Convert Threat Intelligence into Practical Defenses A Practical Approach

Application Security. Doug Ashbaugh CISSP, CISA, CSSLP. Solving the Software Quality Puzzle

Developing Secure Systems. Associate Professor

Development Security Guide Oracle Banking Virtual Account Management Release July 2018

Development*Process*for*Secure* So2ware

Weak Spots Enterprise Mobility Management. Dr. Johannes Hoffmann

Secure Programming Techniques

Transcription:

SECURITY OF VEHICLE TELEMATICS SYSTEMS Daniel Xiapu Luo Department of Computing The Hong Kong Polytechnic University 1

2

3

TELEMATICS 4

TELEMATICS 5

OBD-II On-Board Diagnostic Perform emissions related diagnostics; Collect information from electronic control units (ECU); Set ECU parameters; Monitor engine and vehicle and even driver behaviors; It can be exploited to attack the vehicle if a malicious dongle is plugged into it. 6

CAN BUS Controller Area Network Data exchange among ECUs More than one CAN bus in a vehicle Eg: Infotainment CAN bus, Comfort CAN bus, Diagnostic CAN bus Each CAN bus has multiple ECUs Messages in different CAN buses are exchanged via gateway. OBD-II port is directly connected to gateway. External devices plugged into OBD-II port can access ECUs through gateway. 7

CONTENT Attack Surface of Telematics Systems A Vulnerable Telematics System Remote Attacks How to Fix the Vulnerability? Summary 8

9 9

APP OWASP MOBILE TOP 10 M1 - Improper Platform Usage M2 - Insecure Data Storage M3 - Insecure Communication M4 - Insecure Authentication M5 - Insufficient Cryptography M6 - Insecure Authorization M7 - Client Code Quality M8 - Code Tampering M9 Reverse Engineering M10 Extraneous Functionality https://www.owasp.org/index.php/mobile_top_10_2016-top_10 10

WEB SERVICES OWASP WEB TOP 10 A1 - Injection A2 Broken Authentication and Session Management A3 Cross-Site Scripting (XSS) A4 Insecure Direct Object References A5 Security Misconfiguration A6 Sensitive Data Exposure A7 Missing Function Level Access Control A8 Cross-Site Request Forgery (CSRF) A9 Using Components with Known Vulnerabilities A10 Unvalidated Redirects and Forwards https://www.owasp.org/index.php/top_10_2013-table_of_contents 11

DEVICES Insufficient Authentication/Authorization Lack of Transport Encryption Insecure Mobile Interface Insufficient Security Configurability Insecure Software/Firmware Poor Physical Security https://www.owasp.org/images/7/71/internet_of_things_top_ten_2014-owasp.pdf 12

CONTENT Attack Surface of Telematics Systems A Vulnerable Telematics System Remote Attacks How to Fix the Vulnerability? Summary 13

DISCLAIMER For this vulnerable telematics device, we have informed the corresponding company about the vulnerabilities and how to patch them with the help of HKCERT. 14

DEVICE Microprocessor + Bluetooth + CAN No W/R protection Communicate with its app through Bluetooth Top Board: Bluetooth Bottom Board: MCU + CAN 15

DEVICE Extract the original firmware! JTAG Connection Readout via J-Flash Success! 16

Bluetooth Communication Data FIRMWARE Analyse Firmware Commands Readout Bin APP Logs: Control Data 17

APP 18

APP Code Snippet No obfuscation and hardening!!!

COMMUNICATION BETWEEN APP AND DEVICE Scan BluetoothSocket Connect Write Read Close 20

COMMUNICATION PROTOCOL Reverse-engineering the firmware update protocol Split the bin file into fragments ATLOCK0 ATBOOT ATBOOT ATBOOT ATBOOT Send the 1 st fragment Send the 2 nd fragment Send the last fragment Send 0x04 ACK: >OK ACK: ELM 327 V1.5 ACK: XXXXXX 627 V1.6.1035 ACK: >ATBOOT ACK: 0x15 0x42 ACK: 0x06 0x44 0x0D ACK: 0x06 0x44 0x0D ACK: 0x06 0x44 0x0D ACK: 0x06 0x44 0x0D 21 Install the new Firmware!

REPLACE THE FIRMWARE Prepare the POC malicious firmware Re-Implement some original functions Drivers Attack Functions Power CAN Bluetooth Automated attacks that will be executed if conditions are satisfied. Customized attacks triggered by commands sent through Bluetooth Hardware Attack Methods 22

CONTENT Attack Surface of Telematics Systems A Vulnerable Telematics System Remote Attacks How to Fix the Vulnerability? Summary 23

EXPLOIT Replace the original firmware with a malicious firmware! OutputStream.write(byte[]) OutputStream.flush() Send command Receive response InputStream.read() 24

ATTACKS Attack the vehicle directly Inform the victim fake information 25

ATTACKS Send fake data to the back-end service Attack the back-end service 26

DEMO SETTINGS Volkswagen Magotan 1.8T 2015 The vulnerable telematics device Android smartphone with a PoC attack app 27

Deploy malicious firmware POC Attack Open/Close Windows Fold/Unfold Mirrors Unlock/Lock Doors 28

29

CONTENT Attack Surface of Telematics Systems A Vulnerable Telematics System Remote Attacks How to Fix the Vulnerability? Summary 30

APP SECURITY Secure data storage Secure communication Authentication Verify the update/firmware downloaded from the backend service Obfuscation and hardening 31

DEVICE SECURITY Verify the firmware before installing it Protect the existing firmware Avoid weak/default passwords Encrypt the traffic Mutual authentication 32

WEB SERVICE SECURITY https://www.owasp.org/images/9/9a/owasp_cheatsheets_book.pdf https://www.owasp.org/images/1/19/otgv4.pdf 33

SUMMARY Attack surface of vehicle telematics systems Device, Communication, App, Backend service Securing vehicle telematics systems Security, safety, reliability, resilience, privacy Monitoring, analysis, and management Thanks my group members for contributing to this research: Dawei Lyu, Lei Xue, Le Yu, Shengtuo Hu We have been conducting research on mobile security, network and system security, IoT security, etc. https://www4.comp.polyu.edu.hk/~csxluo/ 34

35

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback