Computer Science / www.isec.utulsa.edu
How to Hack Your Mini Cooper:
Reverse Engineering CAN Messages
on Passenger Automobiles
Jason Staggs
Who is this guy?
• Jason Staggs
– Graduate Research Assistant
• Institute for Information Security (iSec)
• Crash Reconstruction Research Consortium (TU-CRRC)
– TRUE Digital Security
• Cyber Security Analyst
Why do we hack cars?
• Related work
– “Experimental Security Analysis of a Modern Automobile”
– “Comprehensive Experimental Analyses of Automotive Attack
Surfaces”
• Understanding computer and network systems on cars
– Underlying CAN protocol and components lack authentication and verification of messages
• Understanding potential points of vulnerability
– Vehicle network security is in its infancy
• But most importantly…
To prevent this…
From turning into this…
Because of this...
CAN Clock Project
• Research project developed as a proof of concept
– Manipulating CAN nodes via CAN network
– Reverse engineering CAN messages
– 2003 Mini Cooper
Vehicle communication networks
• Common vehicle protocols
– CAN (Most widely used among manufacturers)
– FlexRay
– LIN
– MOST
– J1850 (GM/Chrysler)
– J1939 (Heavy Trucks)
– J1708/J1587 (Being phased out due to J1939)
• 2008: All US cars use CAN for mandated EPA diag.
Interconnected vehicle networks
Controller Area Networks
• Bosch CAN standard
– Developed in the 80s
– European automotive manufacturers were early adopters
– Multi-master broadcast message system
– Standard Format
• 11-bit message ID
• 2^11 or 2048 possible message IDs
• MFG. use of proprietary IDs for their ECUs
– Extended Format
• 29-bit message ID
• 2^29 or 537 million message IDs
• Used extensively by J1939
CAN Frame
– SOF – Start of Frame
– Identifier – Unique identifier for message along with priority
– RTR – Remote Transmission Request
– IDE – Identifier extension (distinguishes between CAN standard and
CAN extended)
– DLC – Data Length Code (frames have up to 8 bytes of data)
– CRC – Cyclic Redundancy Check
– ACK – Acknowledge
– EOF – End of Frame
– IFS – Intermission Frame Space
Electronic Control Units (ECUs)
• ECUs designed to control:
– Vehicle safety systems
• Engine control unit
• ABS braking system
• Door locks
– Non safety critical systems
• Radio deck
• HVAC system
– The list goes on…
• Programmable ECUs
– Allows MFGs to update firmware on ECUs
• Average modern day car has ~70 ECUs
Reverse Engineering CAN Messages
• What we want to do:
– Manipulate CAN enabled vehicle components (Instrument Cluster)
• Problem:
– Manufacturers do not publish CAN message information about
specific CAN components (ECUs)
• Message IDs
• Payload information (Byte offsets)
• Solution:
– A method for visually correlating physical system interactions
with identifiable patterns. (Humans are good at this)
– Fuzzing (DANGER WILL ROBINSON!!!)
Reverse Engineering CAN Messages
• Passively captured CAN traffic during a staged test run
– In this case it was a staged automotive collision.
– Mini Cooper vs. GMC Envoy (Check out TU-CRRC website for
killer crash videos)
– Data capture lasted for roughly 90 seconds
• Data Log gives us ~106,000 data entries of CAN
messages
CAN Data Log
• Contained ~106,000 data entries
• Bash: "cut -d. -f3 cooperheadion.txt | sort | uniq -c"
– Only 15 Unique CAN IDs!?
Message Frequency    CAN IDs
12706                153
12706                1F0
12706                1F3
9460                 1F5
12707                1F8
8899                 316
8899                 329
Visually Identifying CAN Messages of Interest
Message ID 0x153 Vehicle Speed
[Plot: Vehicle Speed (MPH) vs. Time (sec), from 0x153 Byte 2 CAN Message]
Reverse Engineering CAN Messages
• Speedometer and Tachometer Message IDs
– 2 methods
• For each message ID, plot data values vs. timestamp in order to
determine physical significance.
• Given possible CAN IDs, fuzz data fields until needles start moving
CAN Message ID    Description
0x153 Byte 2      Speedometer (Vehicle Speed)
0x316 Byte 3      Tachometer (Engine Speed)
0x329             Various indicator lights
0x61A             Controls the messages being displayed on the tachometer LED screen
0x61F             Tachometer along with various indicator lights
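An added example (not from the original slides) that automates the first method above for forensic log review: it scores each payload byte of each ID by how smoothly it changes over time, so bytes that track a physical quantity stand out from counters and checksums. The log line format, the sample capture and the 0-based byte offsets are assumptions of this example; the slides do not give the log format or say how they count bytes.

```python
# Added example: rank payload bytes of each CAN ID by how smoothly they change.
from collections import defaultdict

MAX_EXT_ID = 0x1FFFFFFF  # largest 29-bit (extended format) identifier


def parse_log(text):
    """Parse 'seconds id_hex b0 b1 ...' lines (assumed format); skip bad lines."""
    frames = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        try:
            ts = float(parts[0])
            can_id = int(parts[1], 16)
            data = bytes(int(b, 16) for b in parts[2:])
        except ValueError:
            continue  # non-numeric field or byte value outside 0..255
        if not 0 <= can_id <= MAX_EXT_ID or len(data) > 8:
            continue  # not a valid classic CAN frame
        frames.append((ts, can_id, data))
    return frames


def smoothness(values, min_span=8):
    """Mean step size as a fraction of the value range; None if not signal-like."""
    span = max(values) - min(values)
    if len(values) < 3 or span < min_span:
        return None  # constant bytes and small flag fields carry no trend
    steps = sum(abs(b - a) for a, b in zip(values, values[1:]))
    return steps / (len(values) - 1) / span


def rank_bytes(frames):
    """Return [(score, can_id, offset)] with the smoothest byte first."""
    series = defaultdict(list)
    for _, can_id, data in sorted(frames, key=lambda f: f[0]):
        for offset, value in enumerate(data):
            series[(can_id, offset)].append(value)
    ranked = []
    for (can_id, offset), values in series.items():
        score = smoothness(values)
        if score is not None:
            ranked.append((score, can_id, offset))
    return sorted(ranked)


def best_offset_per_id(frames):
    """Map each ID to the offset of its most signal-like byte, if it has one."""
    best = {}
    for _, can_id, offset in rank_bytes(frames):
        best.setdefault(can_id, offset)  # first hit per ID has the lowest score
    return best


def constructed_capture():
    """Constructed sample (not real vehicle data): 200 frames for each of three IDs."""
    lines = [
        "# constructed capture",                 # rejected: not a frame
        "0.00 153 00 11 22 33 44 55 66 77 88",   # rejected: 9 data bytes
    ]
    for i in range(200):
        t = i * 0.01
        speed = min(i, 199 - i) // 2   # smooth ramp up and back down
        rpm = 20 + abs(100 - i) // 4   # smooth dip and recovery
        # offset 1 is a rolling counter, offset 2 the smooth value
        lines.append(f"{t:.2f} 153 00 {i & 0x0F:02X} {speed:02X} FF")
        # offset 1 is checksum-like noise, offset 3 the smooth value
        lines.append(f"{t:.2f} 316 05 {(i * 37) & 0xFF:02X} 00 {rpm:02X}")
        # constant payload: nothing to rank
        lines.append(f"{t:.2f} 1F0 0A 0A 0A 0A")
    return "\n".join(lines)


if __name__ == "__main__":
    frames = parse_log(constructed_capture())
    for score, can_id, offset in rank_bytes(frames):
        print(f"0x{can_id:03X} byte {offset}: score {score:.4f}")
```

A low score only marks a byte worth plotting; what the byte means still has to be confirmed against what the vehicle was doing at the time.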
Building the CAN Clock and Network
• CAN Bus
– 18 gauge wire
– 2 x 120 ohm terminating resistors
– 12V DC power source
– Arduino Uno microcontroller
– CAN Bus Shield
• MCP2515 CAN controller
• MCP2551 CAN transceiver
– Mini Cooper Instrument Cluster
– Real time clock module RTC (for clock mode)
CAN Clock Proof of Concept
• Talking CAN with Arduino
– Arduino and CAN Controller Libraries
• MCP2515 (Communication with CAN transceiver)
• SPI (Used for communications between Arduino and CAN shield)
• 2 Modes of operation
– Clock Mode
– Demo Mode
Demo
Gaining Physical Access to CAN Bus
• Via OBD2
• Tapping the CAN bus (vampire tap)
– Under the hood
– Breaking a powered side view mirror
– Etc.
• 0 to pwned for less than $100
– Rogue Arduino CAN node
• Potential conspirators
– Mechanics
– Car Rentals
– Coworkers/Family/Friends/Valets/Ex-girlfriends/etc.
Conclusion / Future Work
• Better access control between vehicle network
components
– ECU to ECU
– OBD2 to ECU
• Applying conventional NIPS & firewall methods to CAN
– Message anomaly prevention depending on context?
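One way to prototype the context-dependent anomaly check raised above, as an added example that is not from the original slides: the capture showed a small fixed set of IDs arriving at steady rates, so a monitor can learn each ID's per-second frame count from known-good traffic and flag unknown IDs or rate jumps. The millisecond timestamps, window size, tolerance and all sample frames are constructed for this example.

```python
# Added example: per-ID frame-rate baseline and allow-list check for CAN traffic.
from collections import Counter, defaultdict


def count_per_window(frames, window_ms):
    """frames: iterable of (timestamp_ms, can_id). Returns {window_index: Counter}."""
    windows = defaultdict(Counter)
    for ts_ms, can_id in frames:
        windows[ts_ms // window_ms][can_id] += 1
    return windows


def learn_baseline(frames, window_ms=1000):
    """Highest per-window frame count seen for each ID in known-good traffic."""
    baseline = {}
    for counts in count_per_window(frames, window_ms).values():
        for can_id, n in counts.items():
            baseline[can_id] = max(baseline.get(can_id, 0), n)
    return baseline


def detect(frames, baseline, window_ms=1000, tolerance=1.25):
    """Return [(window_start_ms, can_id, reason, count)] for suspicious windows."""
    alerts = []
    windows = count_per_window(frames, window_ms)
    for index in sorted(windows):
        for can_id, n in sorted(windows[index].items()):
            if can_id not in baseline:
                # ID never seen in known-good traffic: allow-list violation
                alerts.append((index * window_ms, can_id, "unknown-id", n))
            elif n > baseline[can_id] * tolerance:
                # more frames than any legitimate sender produced in one window
                alerts.append((index * window_ms, can_id, "rate", n))
    return alerts


def periodic(can_id, period_ms, start_ms, end_ms):
    """Constructed helper: one frame every period_ms in [start_ms, end_ms)."""
    return [(t, can_id) for t in range(start_ms, end_ms, period_ms)]


def constructed_baseline():
    """Constructed known-good traffic: two IDs at fixed periods for 5 seconds."""
    return periodic(0x153, 10, 0, 5000) + periodic(0x316, 20, 0, 5000)


def constructed_live():
    """Constructed traffic to check: the baseline plus two anomalies."""
    normal = constructed_baseline()
    extra = periodic(0x153, 5, 2002, 3000)  # a second sender on an existing ID
    unknown = [(4100, 0x123)]               # an ID absent from the baseline
    return sorted(normal + extra + unknown)


if __name__ == "__main__":
    baseline = learn_baseline(constructed_baseline())
    for start_ms, can_id, reason, n in detect(constructed_live(), baseline):
        print(f"t={start_ms} ms id=0x{can_id:03X} {reason} count={n}")
```

IDs that are sent only on events rather than periodically would need their own thresholds.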
For more Information
• TU Research
– http://isec.utulsa.edu/
– http://tucrrc.utulsa.edu/ ← Check out our research and crash tests 
– http://tucrrc.utulsa.edu/canclock/
• CAN Standards/Docs
– http://esd.cs.ucr.edu/webres/can20.pdf (CAN 2.0 Spec)
– http://www.sae.org/standards/
Questions??
• jason-staggs@utulsa.edu

Mais conteúdo relacionado

Semelhante a DEFCON-21 - How to Hack Your Mini Cooper, by Jason Staggs

The Smarter Car for Autonomous Driving
 The Smarter Car for Autonomous Driving The Smarter Car for Autonomous Driving
The Smarter Car for Autonomous DrivingHeiko Joerg Schick
 
Introduction to the CAN-HG augmentation of CAN for security and performance
Introduction to the CAN-HG augmentation of CAN for security and performanceIntroduction to the CAN-HG augmentation of CAN for security and performance
Introduction to the CAN-HG augmentation of CAN for security and performanceKenTindell
 
17 october embedded seminar
17 october embedded seminar17 october embedded seminar
17 october embedded seminarAmir Sherman
 
Safety vs Security: How to Create Insecure Safety-Critical System
Safety vs Security: How to Create Insecure Safety-Critical SystemSafety vs Security: How to Create Insecure Safety-Critical System
Safety vs Security: How to Create Insecure Safety-Critical SystemAleksandr Timorin
 
ROLE OF DIGITAL SIMULATION IN CONFIGURING NETWORK PARAMETERS
ROLE OF DIGITAL SIMULATION IN CONFIGURING NETWORK PARAMETERSROLE OF DIGITAL SIMULATION IN CONFIGURING NETWORK PARAMETERS
ROLE OF DIGITAL SIMULATION IN CONFIGURING NETWORK PARAMETERSDeepak Shankar
 
Automotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security ImplicationsAutomotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security ImplicationsAanjhan Ranganathan
 
Can based collision aviodance system for automobiles
Can based collision aviodance system for automobilesCan based collision aviodance system for automobiles
Can based collision aviodance system for automobilesPurnima Kurella
 
Asia 14-garcia-illera-dude-wtf-in-my-can
Asia 14-garcia-illera-dude-wtf-in-my-canAsia 14-garcia-illera-dude-wtf-in-my-can
Asia 14-garcia-illera-dude-wtf-in-my-caninjenerzntu
 
DTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security SolutionsDTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security SolutionsShah Sheikh
 
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Jim Gilsinn
 
Master Serial Killer - DEF CON 22 - ICS Village
Master Serial Killer - DEF CON 22 - ICS VillageMaster Serial Killer - DEF CON 22 - ICS Village
Master Serial Killer - DEF CON 22 - ICS VillageChris Sistrunk
 
Maximizing High-Performance Applications with CAN Bus
Maximizing High-Performance Applications with CAN BusMaximizing High-Performance Applications with CAN Bus
Maximizing High-Performance Applications with CAN BusICS
 
Maximizing High Performance Applications with CAN Bus
Maximizing High Performance Applications with CAN BusMaximizing High Performance Applications with CAN Bus
Maximizing High Performance Applications with CAN BusJanel Heilbrunn
 
The Great Train Robbery: Fast and Furious
The Great Train Robbery: Fast and FuriousThe Great Train Robbery: Fast and Furious
The Great Train Robbery: Fast and FuriousSergey Gordeychik
 
Creating The World’s First
Creating The World’s First Creating The World’s First
Creating The World’s First Bristol Is Open
 

Semelhante a DEFCON-21 - How to Hack Your Mini Cooper, by Jason Staggs (20)

The Smarter Car for Autonomous Driving
 The Smarter Car for Autonomous Driving The Smarter Car for Autonomous Driving
The Smarter Car for Autonomous Driving
 
CAN Bus
CAN BusCAN Bus
CAN Bus
 
Introduction to the CAN-HG augmentation of CAN for security and performance
Introduction to the CAN-HG augmentation of CAN for security and performanceIntroduction to the CAN-HG augmentation of CAN for security and performance
Introduction to the CAN-HG augmentation of CAN for security and performance
 
High-Tech Printed Circuit Boards Overview
High-Tech Printed Circuit Boards OverviewHigh-Tech Printed Circuit Boards Overview
High-Tech Printed Circuit Boards Overview
 
17 october embedded seminar
17 october embedded seminar17 october embedded seminar
17 october embedded seminar
 
Embedded system
Embedded systemEmbedded system
Embedded system
 
Safety vs Security: How to Create Insecure Safety-Critical System
Safety vs Security: How to Create Insecure Safety-Critical SystemSafety vs Security: How to Create Insecure Safety-Critical System
Safety vs Security: How to Create Insecure Safety-Critical System
 
Wfcs2019
Wfcs2019Wfcs2019
Wfcs2019
 
ROLE OF DIGITAL SIMULATION IN CONFIGURING NETWORK PARAMETERS
ROLE OF DIGITAL SIMULATION IN CONFIGURING NETWORK PARAMETERSROLE OF DIGITAL SIMULATION IN CONFIGURING NETWORK PARAMETERS
ROLE OF DIGITAL SIMULATION IN CONFIGURING NETWORK PARAMETERS
 
Automotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security ImplicationsAutomotive Electronics - Internals and Security Implications
Automotive Electronics - Internals and Security Implications
 
Can based collision aviodance system for automobiles
Can based collision aviodance system for automobilesCan based collision aviodance system for automobiles
Can based collision aviodance system for automobiles
 
Asia 14-garcia-illera-dude-wtf-in-my-can
Asia 14-garcia-illera-dude-wtf-in-my-canAsia 14-garcia-illera-dude-wtf-in-my-can
Asia 14-garcia-illera-dude-wtf-in-my-can
 
Remote Detonation System
Remote Detonation System Remote Detonation System
Remote Detonation System
 
DTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security SolutionsDTS Solution - SCADA Security Solutions
DTS Solution - SCADA Security Solutions
 
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...
 
Master Serial Killer - DEF CON 22 - ICS Village
Master Serial Killer - DEF CON 22 - ICS VillageMaster Serial Killer - DEF CON 22 - ICS Village
Master Serial Killer - DEF CON 22 - ICS Village
 
Maximizing High-Performance Applications with CAN Bus
Maximizing High-Performance Applications with CAN BusMaximizing High-Performance Applications with CAN Bus
Maximizing High-Performance Applications with CAN Bus
 
Maximizing High Performance Applications with CAN Bus
Maximizing High Performance Applications with CAN BusMaximizing High Performance Applications with CAN Bus
Maximizing High Performance Applications with CAN Bus
 
The Great Train Robbery: Fast and Furious
The Great Train Robbery: Fast and FuriousThe Great Train Robbery: Fast and Furious
The Great Train Robbery: Fast and Furious
 
Creating The World’s First
Creating The World’s First Creating The World’s First
Creating The World’s First
 

Mais de Guy Boulianne

FBI - Document anti-catholique
FBI - Document anti-catholiqueFBI - Document anti-catholique
FBI - Document anti-catholiqueGuy Boulianne
 
Tableau de la coercition de Biderman
Tableau de la coercition de BidermanTableau de la coercition de Biderman
Tableau de la coercition de BidermanGuy Boulianne
 
Krakivski Visti and the Jews, 1943
Krakivski Visti and the Jews, 1943Krakivski Visti and the Jews, 1943
Krakivski Visti and the Jews, 1943Guy Boulianne
 
John F. Kennedy - Address Before the Canadian Parliament in Ottawa (May 17, 1...
John F. Kennedy - Address Before the Canadian Parliament in Ottawa (May 17, 1...John F. Kennedy - Address Before the Canadian Parliament in Ottawa (May 17, 1...
John F. Kennedy - Address Before the Canadian Parliament in Ottawa (May 17, 1...Guy Boulianne
 
John F. Kennedy -Press copy of The President and the Press, 27 April 1961
John F. Kennedy -Press copy of The President and the Press, 27 April 1961John F. Kennedy -Press copy of The President and the Press, 27 April 1961
John F. Kennedy -Press copy of The President and the Press, 27 April 1961Guy Boulianne
 
Programme de l'Union Nationale (1966)
Programme de l'Union Nationale (1966)Programme de l'Union Nationale (1966)
Programme de l'Union Nationale (1966)Guy Boulianne
 
How to Hack Your Mini Cooper. Reverse Engineering CAN Messages on Passenger A...
How to Hack Your Mini Cooper. Reverse Engineering CAN Messages on Passenger A...How to Hack Your Mini Cooper. Reverse Engineering CAN Messages on Passenger A...
How to Hack Your Mini Cooper. Reverse Engineering CAN Messages on Passenger A...Guy Boulianne
 
Big Brother NSA and Its "Little Brothers"
Big Brother NSA and Its "Little Brothers"Big Brother NSA and Its "Little Brothers"
Big Brother NSA and Its "Little Brothers"Guy Boulianne
 
Décision disciplinaire de l’Ordre des médecins du Québec - No. 24-2018-01040
Décision disciplinaire de l’Ordre des médecins du Québec - No. 24-2018-01040Décision disciplinaire de l’Ordre des médecins du Québec - No. 24-2018-01040
Décision disciplinaire de l’Ordre des médecins du Québec - No. 24-2018-01040Guy Boulianne
 
Conspirators Hierarchy: The Story of the Committee of 300, by John Coleman
Conspirators Hierarchy: The Story of the Committee of 300, by John ColemanConspirators Hierarchy: The Story of the Committee of 300, by John Coleman
Conspirators Hierarchy: The Story of the Committee of 300, by John ColemanGuy Boulianne
 
Ordonnance du tribunal de Pesaro d’analyser le contenu des vaccins ARNm - Rés...
Ordonnance du tribunal de Pesaro d’analyser le contenu des vaccins ARNm - Rés...Ordonnance du tribunal de Pesaro d’analyser le contenu des vaccins ARNm - Rés...
Ordonnance du tribunal de Pesaro d’analyser le contenu des vaccins ARNm - Rés...Guy Boulianne
 
COVID-Period Mass Vaccination Campaign and Public Health Disaster in the USA
COVID-Period Mass Vaccination Campaign and Public Health Disaster in the USACOVID-Period Mass Vaccination Campaign and Public Health Disaster in the USA
COVID-Period Mass Vaccination Campaign and Public Health Disaster in the USAGuy Boulianne
 
The Truth about mRNA Vaccines, by Raffaele Ansovini
The Truth about mRNA Vaccines, by Raffaele AnsoviniThe Truth about mRNA Vaccines, by Raffaele Ansovini
The Truth about mRNA Vaccines, by Raffaele AnsoviniGuy Boulianne
 
Functionality and Clinical Effects of Anti-Cov2 Vaccines (Aka Mrna) And Integ...
Functionality and Clinical Effects of Anti-Cov2 Vaccines (Aka Mrna) And Integ...Functionality and Clinical Effects of Anti-Cov2 Vaccines (Aka Mrna) And Integ...
Functionality and Clinical Effects of Anti-Cov2 Vaccines (Aka Mrna) And Integ...Guy Boulianne
 
Evidence for a connection between coronavirus disease-19 and exposure to radi...
Evidence for a connection between coronavirus disease-19 and exposure to radi...Evidence for a connection between coronavirus disease-19 and exposure to radi...
Evidence for a connection between coronavirus disease-19 and exposure to radi...Guy Boulianne
 
Le mouvement conspirationniste au Québec
Le mouvement conspirationniste au QuébecLe mouvement conspirationniste au Québec
Le mouvement conspirationniste au QuébecGuy Boulianne
 
Rapport de mort du vaccin, par Dr Vladimir Zelenko
Rapport de mort du vaccin, par Dr Vladimir ZelenkoRapport de mort du vaccin, par Dr Vladimir Zelenko
Rapport de mort du vaccin, par Dr Vladimir ZelenkoGuy Boulianne
 
Memorandum of conversation between Mikhail Gorbachev and James Baker in Moscow
Memorandum of conversation between Mikhail Gorbachev and James Baker in MoscowMemorandum of conversation between Mikhail Gorbachev and James Baker in Moscow
Memorandum of conversation between Mikhail Gorbachev and James Baker in MoscowGuy Boulianne
 
MindWar, by Michael A. Aquino
MindWar, by Michael A. AquinoMindWar, by Michael A. Aquino
MindWar, by Michael A. AquinoGuy Boulianne
 
Poèmes de Meery Devergnas
Poèmes de Meery DevergnasPoèmes de Meery Devergnas
Poèmes de Meery DevergnasGuy Boulianne
 

Mais de Guy Boulianne (20)

FBI - Document anti-catholique
FBI - Document anti-catholiqueFBI - Document anti-catholique
FBI - Document anti-catholique
 
Tableau de la coercition de Biderman
Tableau de la coercition de BidermanTableau de la coercition de Biderman
Tableau de la coercition de Biderman
 
Krakivski Visti and the Jews, 1943
Krakivski Visti and the Jews, 1943Krakivski Visti and the Jews, 1943
Krakivski Visti and the Jews, 1943
 
John F. Kennedy - Address Before the Canadian Parliament in Ottawa (May 17, 1...
John F. Kennedy - Address Before the Canadian Parliament in Ottawa (May 17, 1...John F. Kennedy - Address Before the Canadian Parliament in Ottawa (May 17, 1...
John F. Kennedy - Address Before the Canadian Parliament in Ottawa (May 17, 1...
 
John F. Kennedy -Press copy of The President and the Press, 27 April 1961
John F. Kennedy -Press copy of The President and the Press, 27 April 1961John F. Kennedy -Press copy of The President and the Press, 27 April 1961
John F. Kennedy -Press copy of The President and the Press, 27 April 1961
 
Programme de l'Union Nationale (1966)
Programme de l'Union Nationale (1966)Programme de l'Union Nationale (1966)
Programme de l'Union Nationale (1966)
 
How to Hack Your Mini Cooper. Reverse Engineering CAN Messages on Passenger A...
How to Hack Your Mini Cooper. Reverse Engineering CAN Messages on Passenger A...How to Hack Your Mini Cooper. Reverse Engineering CAN Messages on Passenger A...
How to Hack Your Mini Cooper. Reverse Engineering CAN Messages on Passenger A...
 
Big Brother NSA and Its "Little Brothers"
Big Brother NSA and Its "Little Brothers"Big Brother NSA and Its "Little Brothers"
Big Brother NSA and Its "Little Brothers"
 
Décision disciplinaire de l’Ordre des médecins du Québec - No. 24-2018-01040
Décision disciplinaire de l’Ordre des médecins du Québec - No. 24-2018-01040Décision disciplinaire de l’Ordre des médecins du Québec - No. 24-2018-01040
Décision disciplinaire de l’Ordre des médecins du Québec - No. 24-2018-01040
 
Conspirators Hierarchy: The Story of the Committee of 300, by John Coleman
Conspirators Hierarchy: The Story of the Committee of 300, by John ColemanConspirators Hierarchy: The Story of the Committee of 300, by John Coleman
Conspirators Hierarchy: The Story of the Committee of 300, by John Coleman
 
Ordonnance du tribunal de Pesaro d’analyser le contenu des vaccins ARNm - Rés...
Ordonnance du tribunal de Pesaro d’analyser le contenu des vaccins ARNm - Rés...Ordonnance du tribunal de Pesaro d’analyser le contenu des vaccins ARNm - Rés...
Ordonnance du tribunal de Pesaro d’analyser le contenu des vaccins ARNm - Rés...
 
COVID-Period Mass Vaccination Campaign and Public Health Disaster in the USA
COVID-Period Mass Vaccination Campaign and Public Health Disaster in the USACOVID-Period Mass Vaccination Campaign and Public Health Disaster in the USA
COVID-Period Mass Vaccination Campaign and Public Health Disaster in the USA
 
The Truth about mRNA Vaccines, by Raffaele Ansovini
The Truth about mRNA Vaccines, by Raffaele AnsoviniThe Truth about mRNA Vaccines, by Raffaele Ansovini
The Truth about mRNA Vaccines, by Raffaele Ansovini
 
Functionality and Clinical Effects of Anti-Cov2 Vaccines (Aka Mrna) And Integ...
Functionality and Clinical Effects of Anti-Cov2 Vaccines (Aka Mrna) And Integ...Functionality and Clinical Effects of Anti-Cov2 Vaccines (Aka Mrna) And Integ...
Functionality and Clinical Effects of Anti-Cov2 Vaccines (Aka Mrna) And Integ...
 
Evidence for a connection between coronavirus disease-19 and exposure to radi...
Evidence for a connection between coronavirus disease-19 and exposure to radi...Evidence for a connection between coronavirus disease-19 and exposure to radi...
Evidence for a connection between coronavirus disease-19 and exposure to radi...
 
Le mouvement conspirationniste au Québec
Le mouvement conspirationniste au QuébecLe mouvement conspirationniste au Québec
Le mouvement conspirationniste au Québec
 
Rapport de mort du vaccin, par Dr Vladimir Zelenko
Rapport de mort du vaccin, par Dr Vladimir ZelenkoRapport de mort du vaccin, par Dr Vladimir Zelenko
Rapport de mort du vaccin, par Dr Vladimir Zelenko
 
Memorandum of conversation between Mikhail Gorbachev and James Baker in Moscow
Memorandum of conversation between Mikhail Gorbachev and James Baker in MoscowMemorandum of conversation between Mikhail Gorbachev and James Baker in Moscow
Memorandum of conversation between Mikhail Gorbachev and James Baker in Moscow
 
MindWar, by Michael A. Aquino
MindWar, by Michael A. AquinoMindWar, by Michael A. Aquino
MindWar, by Michael A. Aquino
 
Poèmes de Meery Devergnas
Poèmes de Meery DevergnasPoèmes de Meery Devergnas
Poèmes de Meery Devergnas
 

Último

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 

Último (20)

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
DEFCON-21 - How to Hack Your Mini Cooper, by Jason Staggs

  • 1. Computer Science / www.isec.utulsa.edu How to Hack Your Mini Cooper: Reverse Engineering CAN Messages on Passenger Automobiles Jason Staggs
  • 2. Who is this guy?
    • Jason Staggs
      – Graduate Research Assistant
        • Institute for Information Security (iSec)
        • Crash Reconstruction Research Consortium (TU-CRRC)
      – TRUE Digital Security
        • Cyber Security Analyst
  • 3. Why do we hack cars?
    • Related work
      – “Experimental Security Analysis of a Modern Automobile”
      – “Comprehensive Experimental Analyses of Automotive Attack Surfaces”
    • Understanding computer and network systems on cars
      – Underlying CAN protocol and components lack authentication and verification of messages
    • Understanding potential points of vulnerability
      – Vehicle network security is in its infancy
    • But most importantly…
  • 4. To prevent this…
  • 5. From turning into this…
  • 6. Because of this...
  • 7. CAN Clock Project
    • Research project developed as a proof of concept
      – Manipulating CAN nodes via CAN network
      – Reverse engineering CAN messages
      – 2003 Mini Cooper
  • 8. Vehicle communication networks
    • Common vehicle protocols
      – CAN (Most widely used among manufacturers)
      – FlexRay
      – LIN
      – MOST
      – J1850 (GM/Chrysler)
      – J1939 (Heavy Trucks)
      – J1708/J1587 (Being phased out due to J1939)
    • 2008: All US cars use CAN for mandated EPA diag.
  • 9. Interconnected vehicle networks
  • 10. Controller Area Networks
    • Bosch CAN standard
      – Developed in the 80s
      – European automotive manufacturers were early adopters
      – Multi-master broadcast message system
      – Standard Format
        • 11-bit message ID
        • 2^11 or 2048 possible message IDs
        • MFG. use of proprietary IDs for their ECUs
      – Extended Format
        • 29-bit message ID
        • 2^29 or 537 million message IDs
        • Used extensively by J1939
  • 11. CAN Frame
    – SOF – Start of Frame
    – Identifier – Unique identifier for message along with priority
    – RTR – Remote Transmission Request
    – IDE – Identifier extension (distinguishes between CAN standard and CAN extended)
    – DLC – Data Length Code (frames have up to 8 bytes of data)
    – CRC – Cyclic Redundancy Check
    – ACK – Acknowledge
    – EOF – End of Frame
    – IFS – Intermission Frame Space
  • 12. Electronic Control Units (ECUs)
    • ECUs designed to control:
      – Vehicle safety systems
        • Engine control unit
        • ABS braking system
        • Door locks
      – Non safety critical systems
        • Radio deck
        • HVAC system
      – The list goes on…
    • Programmable ECUs
      – Allows MFGs to update firmware on ECUs
    • Average modern day car has ~70 ECUs
  • 13. Reverse Engineering CAN Messages
    • What we want to do:
      – Manipulate CAN enabled vehicle components (Instrument Cluster)
    • Problem:
      – Manufacturers do not publish CAN message information about specific CAN components (ECUs)
        • Message IDs
        • Payload information (Byte offsets)
    • Solution:
      – A method for visually correlating physical system interactions with identifiable patterns. (Humans are good at this)
      – Fuzzing (DANGER WILL ROBINSON!!!)
  • 14. Reverse Engineering CAN Messages
    • Passively captured CAN traffic during a staged test run
      – In this case it was a staged automotive collision.. :)
      – Mini Cooper vs. GMC Envoy (Check out TU-CRRC website for killer crash videos)
      – Data capture lasted for roughly 90 seconds
    • Data Log gives us ~106,000 data entries of CAN messages
  • 16. CAN Data Log
    • Contained ~106,000 data entries
    • Bash "cut -d. -f3 cooperheadion.txt | sort | uniq -c"
      – Only 15 Unique CAN IDs!?

      Message Frequency   CAN ID
      12706               153
      12706               1F0
      12706               1F3
      9460                1F5
      12707               1F8
      8899                316
      8899                329

  • 17. Visually Identifying CAN Messages of Interest
    – Message ID 0x153: Vehicle Speed
  • 18. [Figure: Vehicle Speed (MPH) vs. Time (sec), plotted from 0x153 Byte 2 CAN Message]
  • 19. Reverse Engineering CAN Messages
    • Speedometer and Tachometer Message IDs
      – 2 methods
        • For each message ID, plot data values vs. timestamp in order to determine physical significance.
        • Given possible CAN IDs, fuzz data fields until needles start moving

      CAN Message ID   Description
      0x153 Byte 2     Speedometer (Vehicle Speed)
      0x316 Byte 3     Tachometer (Engine Speed)
      0x329            Various indicator lights
      0x61A            Controls the messages being displayed on the tachometer LED screen
      0x61F            Tachometer along with various indicator lights

  • 20. Building the CAN Clock and Network
    • CAN Bus
      – 18 gauge wire
      – 2 x 120 ohms terminating resistors
      – 12V DC power source
      – Arduino Uno microcontroller
      – CAN Bus Shield
        • MCP2515 CAN controller
        • MCP2551 CAN transceiver
      – Mini Cooper Instrument Cluster
      – Real time clock module RTC (for clock mode)
  • 22. CAN Clock Proof of Concept
    • Talking CAN with Arduino
      – Arduino and CAN Controller Libraries
        • MCP2515 (Communication with CAN transceiver)
        • SPI (Used for communications between Arduino and CAN shield)
    • 2 Modes of operation
      – Clock Mode
      – Demo Mode
  • 23. Demo
  • 24. Gaining Physical Access to CAN Bus
    • Via OBD2
    • Tapping the CAN bus (vampire tap)
      – Under the hood
      – Breaking a powered side view mirror
      – Etc.
    • 0 to pwned for less than $100
      – Rogue Arduino CAN node
    • Potential conspirators
      – Mechanics
      – Car Rentals
      – Coworkers/Family/Friends/Valets/Ex-girlfriends/etc.
  • 25. Conclusion / Future Work
    • Better access control between vehicle network components
      – ECU to ECU
      – OBD2 to ECU
    • Applying conventional NIPS & firewall methods to CAN
      – Message anomaly prevention depending on context?
  • 26. For more Information
    • TU Research
      – http://isec.utulsa.edu/
      – http://tucrrc.utulsa.edu/ ← Check out our research and crash tests :)
      – http://tucrrc.utulsa.edu/canclock/
    • CAN Standards/Docs
      – http://esd.cs.ucr.edu/webres/can20.pdf (CAN 2.0 Spec)
      – http://www.sae.org/standards/
  • 27. Questions??
    • jason-staggs@utulsa.edu
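
The conclusion slide's idea of applying NIPS-style anomaly detection to CAN can start from the per-ID message counts on slide 16: periodic IDs have a stable rate, so an unknown ID, or a known ID arriving faster than its baseline, stands out. The Python below is an added example, not code from the talk; the log line layout, the `synth` helper, the 0x7FF ID, the tolerance and the traffic periods (chosen to roughly match slide 16's counts over the ~90 s capture) are all assumptions.

```python
from collections import Counter

def parse(line):
    """Parse one log line in an assumed layout: '<seconds> <hex id> <hex bytes>'."""
    ts, can_id, *data = line.split()
    return float(ts), int(can_id, 16), bytes(int(b, 16) for b in data)

def learn_rates(frames):
    """Frames per second for each CAN ID in a trusted baseline capture."""
    times = [t for t, _, _ in frames]
    span = max(times) - min(times)
    counts = Counter(can_id for _, can_id, _ in frames)
    return {can_id: n / span for can_id, n in counts.items()}

def check_window(frames, rates, window, tolerance=1.5):
    """Alert on IDs absent from the baseline and IDs sent faster than expected."""
    counts = Counter(can_id for _, can_id, _ in frames)
    alerts = []
    for can_id, n in sorted(counts.items()):
        if can_id not in rates:
            alerts.append((can_id, "unknown-id"))
        elif n > rates[can_id] * window * tolerance:
            alerts.append((can_id, "rate-exceeded"))
    return alerts

def synth(can_id, period, start, stop, data="00 00 00"):
    """Constructed sample traffic: one frame every `period` seconds."""
    n = int(round((stop - start) / period))
    return [f"{start + k * period:.4f} {can_id:03X} {data}" for k in range(n)]

# Constructed captures (not data from the talk): 0x153 about every 7 ms and
# 0x316 about every 10 ms, roughly 12706 and 8899 frames per 90 s.
BASELINE = [parse(l) for l in synth(0x153, 0.007, 0, 10) + synth(0x316, 0.010, 0, 10)]
CLEAN = [parse(l) for l in synth(0x153, 0.007, 10, 11) + synth(0x316, 0.010, 10, 11)]
# Same one-second window, plus a second sender on 0x316 and one unseen ID.
SUSPECT = CLEAN + [parse(l) for l in synth(0x316, 0.005, 10, 11) + ["10.5000 7FF 01"]]
RATES = learn_rates(BASELINE)

if __name__ == "__main__":
    print(check_window(CLEAN, RATES, window=1.0))
    print(check_window(SUSPECT, RATES, window=1.0))
```

A rate check like this only covers periodic IDs; event-driven messages need a different baseline, such as payload ranges per byte offset.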