Complyify Car Hacking & Cyber Risk
•
0 likes•41 views
The document discusses techniques for hacking into a car's CAN bus system to manipulate functions. It provides recommendations for CAN bus hardware, software tools like Wireshark and CAN utilities for Linux, and general techniques for capturing CAN traffic, identifying packet senders, decoding packets, replaying packets, and sending new packets. Potential risks are noted. Resources for further information on car hacking are also included.
Complyify Car Hacking & Cyber Risk
- 2. We help mid-sized companies measure and manage cybersecurity risk
- 4. Car Hacking 101 No EE Edition
- 7. CAN-L CAN-H
- 15. 0V
- 16. 9V
- 17. 9V +9V = Binary 1 0V = Binary 0
- 22. derp
- 24. CAN BUS Advantages for embedded > ethernet • Simplicity • Reliability • Cost Disadvantages (opportunities to h4x0r) • Bus - all nodes get all traffic • Bus - common mode attacks • Bus - no network access control
- 26. EVERYTHING I’M ABOUT TO DISCUSS IS POTENTIALLY LIFE THREATENING DON’T MESS WITH 2-TON METAL MACHINES THAT CAN KILL YOU (i.e., please don’t sue me)
- 28. CAN BUS GETTING STARTED KIT RECOMMENDATIONS • USB-CAN Style Adapter • Isolation ideal for automotive applications • Get ODB-II adapter, not a fixed ODB-II interface • Make sure it supports at least 1Mbps CAN • Make sure it supports SocketCAN (Linux) • Stay away from ELM327 chips
- 30. SOFTWARE • Linux (VirtualBox works fine) • SocketCAN • CAN Utils • Wireshark
- 31. GENERAL TECHNIQUE • Capture • Fiddle • Identify Sender • Decode packet • Test replay with virtual CAN interface • Send packets for real
- 32. DEMONSTRATION • Already Done (not shown in demo): • Installing VirtualBox (or other VM host) • Installing Kali Linux (includes Wireshark, etc) • Installing can-utils: apt install -y can-utils • Compiling SavvyCAN (see GitHub README)
- 33. TRICKS & GOTCHAS • Sequence numbers in packets • Multi-sourced data agreement filters • Bus termination • CAN firewalls • Multiple CAN busses • Data recorders
- 34. Resources Car Hacking eBook http://opengarages.org/handbook/ebook/ Car Hacking Edu / Events https://www.carhackingvillage.com/ Community DBC Files https://github.com/commaai/opendbc SavvyCAN (not in vendor pkg mgmt) https://github.com/collin80/SavvyCAN Find Me sean@comply.cloud Twitter @seanbruton complyify.com Now Hiring Dallas or Austin • Security Product Manager • Security Assessor • Developers