DEF CON 31 Car Hacking Village - How an Auto Security Researcher Had His Car Stolen - Tabor, Tindell

preview_player
Показать описание
The story of the investigation into the device that I believe was used to steal my 2021 Toyota RAV4 in July 2022 using 'CAN Injection'

There will be low level details on how the CAN bus works, how the 'theft device' spoofs CAN frames and using a modified transceiver to stop other ECUs communicating. We will also explain the disclosure process and possible fixes. Get the full story in the blog.
  1. DEFCONConference
  2. DEF
  3. CON
  4. DEFCON
  5. DEF CON
  6. hacker conference
Рекомендации по теме
DEF CON 31 0:45:37

DEF CON 31 Car Hacking Village - How an Auto Security Researcher Had His Car Stolen - Tabor, Tindell

DEF CON 31 0:37:04

DEF CON 31 Car Hacking Village - Abusing CAN Bus Spec for DoS in Embedded Systems - Martin Petran

DEF CON 31 0:06:03

DEF CON 31 - Car Hacking Village Interview - video team

DEF CON 31 0:37:33

DEF CON 31 Car Hacking Village - Automotive USB Fuzzing - Euntae Jang, Donghyon Jeong, Jonghyuk Song

DEF CON 31 0:00:29

DEF CON 31 Car Hacking Village Interview

DEF CON 31 0:44:46

DEF CON 31 - Car Hacking Village - Exploiting Wireless Side Channels in EV Charging - Kohler, Baker

DEF CON 31 0:33:49

DEF CON 31 - How Vulns in Global Transportation Payment Systems Cost You - Omer Attias

DEF CON 31 0:37:04

DEF CON 31 Car Hacking Village-Abusing CAN Bus Spec for DoS in Embedded Systems-Martin Petran

DEF CON 31 0:00:17

DEF CON 31 Hack the Box Interview

DEF CON 31 0:45:05

DEF CON 31 - Infinite Money Glitch - Hacking Transit Cards - Bertocchi, Campbell, Gibson, Harris

DEF CON 31 0:42:47

DEF CON 31 - Badge of Shame Breaking into Secure Facilities with OSDP -Dan Petro, David Vargas

Inside DEF CON, 0:00:57

Inside DEF CON, The Annual Hacker Convention #shorts

DEF CON 31 0:47:34

DEF CON 31 - Terminally Owned - 60 Years of Escaping - David Leadbeater

DEF CON 30 0:03:23

DEF CON 30 - Car Hacking Village vol. 1

DEF CON 31 0:45:25

DEF CON 31 - Defending KA-SAT - Mark Colaluca and Nick Saunders

Why Def Con 0:14:04

Why Def Con 31 SUCKED - Full recap & review | Ep. 38

DEF CON 30 1:04:37

DEF CON 30 Car Hacking Village - Evadsnibor - Getting Naughty on CAN bus with CHV Badge

DEF CON 30 0:04:39

DEF CON 30 - Car Hacking Village Interview

DEF CON 31 0:44:25

DEF CON 31 - Vacuum Robot Security & Privacy Prevent yr Robot from Sucking Your Data - Dennis G...

DEF CON 31 0:19:54

DEF CON 31 - A Broken Marriage Abusing Mixed Vendor Kerberos Stacks - Ceri Coburn

DEF CON 29 0:51:55

DEF CON 29 Car Hacking Village - Jay Turla - Bug Hunter's Guide to Bashing for Car Hacking Bug...

SAO Adapter for 0:01:00

SAO Adapter for DEF CON 31 Badge #defcon #badgelife

DEF CON 31 0:00:15

DEF CON 31 Apple TV Spoof - video team

DEF CON 31 0:20:31

DEF CON 31 War Stories - Tracking the Worlds Dumbest Cyber Mercenaries - Cooper Quintin

Комментарии
Автор

I work with CAN for industrial applications at my job, and it is insane to me that it would get used for anything security related. I was (and now still am) under the impression that the moment there is physical access to the bus, that the bus is owned by the attacker.

StarchedPie
Автор

Actually, the first suggestion is the only correct one. Devices accessible from the outside should not be on the same bus as the main security modules. Never.
And the excuse about the cost in production - just indicates that the manufacturer is extremely interested in its own profits, but absolutely not interested in the safety of the customer's property, after he gave money for it to the dealer...
Actually converting all the devices and modules on the bus to CryptoCAN will be more expensive than an isolated bus for externally accessible devices.

Andrei-ngyz
Автор

Anyone who is into the business of automotive security system installation knows about this CAN attack through the headlight wiring on Toyotas. And Toyota has known for a long time for sure. And it was known well before 2021... Hijackers have been using this method for a long time. So it's nothing new.

Andrei-ngyz
Автор

use LIN bus instead of CAN for headlights

zoenagy
Автор

Solutions to auto theft are difficult due to the right to repair. Forcing people to go to the dealership or to purchase special licenses to access the computer of a vehicle is illegal.
This includes the immobilizer.
Recent changes in security will force major manufacturers who refuse to play along will sue or continue to reverse engineer vehicles.
At the end of the day, it's up to each individual to secure their own vehicles. Just like we do our homes and personal belongings we carry.
We also need to strictly punish thieves.

honestlocksmith
Автор

ב''ה, or you could just rent from my Connecticut landlord.

josephkanowitz