skip to main |
skip to sidebar
Update: I had a request to update my lists below to include links to malware sample repositories. Just a word of caution to be very careful with any of the links in red. I also think that one of Lenny Zelter's pages about malware research samples says it all, and would advise reading his page before using any of the links in red. I have also added a few more sites to the list, and can continue to do that as I come across additional pages. Lastly, the OPML file has also been updated, but doesn't include many of the malware sample sites because most of them didn't seem to offer a feed option.
I've been meaning to share the list of links that I follow for a while now. Below is a link to a spreadsheet that I created which lists separately the HTML URL's from the RSS URL's for sites which I follow. I also added a link to my Feedly OPML dump. I figured it would be a nice update to the blog since I don't have very much time to post these days. Feel free to download and import into your readers, bookmarks, etc. I have quite a few more that I didn't add because they were links to online sandboxes and/or malware repositories, so they really weren't RSS type links, and I also was a little hesitant about posting links to malware. I think for the most part the list has been de-duped, so if it looks like there are doubles, you might find that a site simply has more than one feed that it offers, but send me a heads-up if you believe otherwise. Also, if you would like the full list, contact me and I can send it out or post it. Enjoy!
XLSX:
https://1drv.ms/x/s!AilmDQY9_Q5NhDPqcC8lr2Kpl36y
Feedly OPML:
https://drive.google.com/open?id=0B0CinYp-Pe4-VFN3UXl6ZkMwZ2c
Update: Today I had the wonderful pleasure of presenting to some of New York's Finest - the International Association of Financial Crimes Investigators, hosted by the United States Postal Inspection Service. I updated the slide-deck, and replaced the older one with today's version. I've also added a few new reference links below. And a huge shout-out to the gentleman in the audience who enlightened me about RFID tags embedded in tires. Enjoy!
Yesterday I had the great privilege of representing the company I work for, AccessData, and presenting on the topic of “Vehicle Cyber Security and Forensics” to an esteemed audience at the New York-New Jersey Electronic Crimes Task Force. Afterward, I received some requests to share-out the presentation, which was in fact, the impetus behind my speaking – to contribute to the community. I double-checked with my employer, and was given a green-light to post our slide deck. I say “our” because as I mentioned during my talk, the deck would not have been possible without a large contribution from Gloria D’Anna (our partner at Tri-Kar), and Ben LeMere (our partner at Berla Corp).
Also of interest to the group, may be this breaking news story involving thieves breaking into cars using a mysterious electronic device, sent to me from Sergeant Christopher Then of the Morris County Prosecutor's High Tech Crime Unit, thank you Sir!
My presentation was what I call a bit of a “CliffsNotes” version of what’s been happening in the past 1-2 years with regards to vehicle cyber security and forensics. The supporting articles are quite numerous, so I have categorized them below, along with their corresponding links. Additionally, I played three short video snippets during the presentation; they too are listed below with their links.
If you download the PowerPoint deck, I would advise that you view the deck with the “Notes” section turned on, those were my talking points, and otherwise the slides themselves might not make a ton of sense. I purposely create my presentations that way, so as not to cause anyone “Death By PowerPoint!” My thinking is that the fewer slides that contain nothing but bullet-points, the better.
Lastly I should add, that below are a ton of links which take you to other Web sites of which I do not necessarily share the same opinion, nor am I responsible for their content. I believe all of the links below to be clean, but click at your own risk. Also, you might find that the “Comments” section of the articles add even more information to the topic, albeit keeping in mind their source might not have been vetted.
Video Links:
http://www.forbes.com/sites/andygreenberg/2013/07/24/hackers-reveal-nasty-new-car-attacks-with-me-behind-the-wheel-video
Video Only:
http://www.youtube.com/watch?v=oqe6S6m73Zw&list=PLpndQ-APwbNW0iOqmP6EK8OOw2XCaJcTS&index=6
- Lock and Unlock Remote Hack:
http://www.youtube.com/watch?v=bNDv00SGb6w
- Senator Markey News Item:
http://www.dailymotion.com/video/x1802gt_ed-markey-write-letter-to-auto-makers-demanding-answers-on-car-hacking-threats_tech
DefCon Research Related Articles:
Opens to PDF: http://illmatics.com/car_hacking.pdf
http://www.forbes.com/sites/andygreenberg/2013/07/24/hackers-reveal-nasty-new-car-attacks-with-me-behind-the-wheel-video
http://www.pcworld.com/article/2045895/researchers-reveal-methods-behind-car-hack-at-defcon.html
http://www.afterdawn.com/news/article.cfm/2013/07/28/white_hat_hackers_to_release_software_used_to_crack_critical_car_systems_at_def_con
http://www.caranddriver.com/features/can-your-car-be-hacked-feature
http://arstechnica.com/security/2013/07/disabling-a-cars-brakes-and-speed-by-hacking-its-computers-a-new-how-to
http://news.cnet.com/8301-1009_3-57596847-83/car-hacking-code-released-at-defcon
http://www.computerworld.com/s/article/9241352/Researchers_reveal_methods_behind_car_hack_at_Defcon
http://www.sciencefriday.com/segment/08/02/2013/hacking-under-the-hood-and-into-your-car.html
http://www.motoring.com.au/news/2013/hacker-safety-risk-for-new-cars-37930
Opens to PPTX: http://www.canbushack.com/defcon19/workshop.pptx
http://vehicle-reverse-engineering.wikia.com/wiki/Vehicle_Reverse_Engineering_Wiki
https://autos.aol.com/article/hackers-def-con-cyber-security-ford-toyota
http://www.carknow.me
WiFi Research Related Articles:
http://www.dfinews.com/news/2013/10/israeli-tunnel-hit-cyber-attack
http://blogs.discovermagazine.com/d-brief/2013/07/30/networked-cars-and-their-hacks-are-right-around-the-corner
http://www.its.dot.gov/research/v2v.htm
http://www.its.dot.gov/research/v2i.htm
http://www.networkworld.com/research/2012/080612-car-hacking-bluetooth-and-other-security-261422.html
Police Cruiser Pen-Test:
Opens to PDF: http://www.digitalmunition.com/OwningCopCar.pdf
http://www.theregister.co.uk/2011/05/03/cop_car_hacking
WebTech Plus Wireless Repo:
http://www.wired.com/threatlevel/2010/03/hacker-bricks-cars
http://www.computerworld.com/s/article/9229919/Car_hacking_Remote_access_and_other_security_issues
On-Board Intelligence Systems and GPS:
Opens to PDF: http://www.berla.co/downloads/ive_datasheet.pdf
http://www.dfinews.com/articles/2011/04/enhancing-investigations-gps-evidence
http://gizmodo.com/5540029/no-kidding-onstar-cars-can-be-hacked-remotely-controlled
http://hackaday.com/2013/10/21/can-hacking-introductions
http://hackaday.com/2013/10/22/can-hacking-the-in-vehicle-network
http://hackaday.com/2013/10/29/can-hacking-protocols
http://hackaday.com/2013/11/05/can-hacking-the-hardware
http://hackaday.com/2009/12/26/hacking-the-onstar-gps-v2
http://hackaday.com/2005/03/29/gm-onstar-hacking
https://sites.google.com/site/radioetcetera/home/onstar-gps
Apps:
http://www.caranddriver.com/news/ford-introduces-next-gen-connectivity-suite-called-myford-should-be-awesome-car-news
http://blog.caranddriver.com/toyota-entune-infotainment-system-to-challenge-fords-sync
http://news.cnet.com/8301-13772_3-20104962-52/ford-unveils-openxc-invites-open-source-applications
http://gigaom.com/2013/01/10/forget-apps-fords-openxc-project-will-produce-open-source-car-hardware
Naval Jet Pen-Test:
http://www.businessinsider.com/naval-hackers-broke-into-the-f-35-logistics-system-exposing-more-huge-weaknesses-2012-11
http://www.dailykos.com/story/2012/11/16/1162245/-The-F-35-Fighter-an-example-of-failure
Cisco:
http://www.scribd.com/doc/153781644/Fedex
http://gigaom.com/2013/08/06/ciscos-remedy-for-connected-car-security-treat-the-car-like-an-enterprise
Driverless Safety and Vehicles:
http://www.forbes.com/sites/joannmuller/2013/03/21/no-hands-no-feet-my-unnerving-ride-in-googles-driverless-car
http://www.itsinternational.com/sections/nafta/features/city-safety-reduces-low-speed-accidents-on-volvos-xc60-and-s60
http://www.scmagazine.com/google-joins-with-automakers-to-put-android-connected-cars-on-road/article/328124
Opens to PDF: http://www-nrd.nhtsa.dot.gov/pdf/esv/esv21/09-0371.pdf
http://www.techhive.com/article/2043878/driverless-cars-yield-to-reality-its-a-long-road-ahead.html
http://www.techhive.com/article/2010645/self-driving-cars-could-bring-a-new-world-of-hacking.html
http://online.wsj.com/article/SB10001424127887323407104579038832031956964.html
Lock and Unlock Remotely:
http://www.carscoops.com/2011/08/hacking-your-car-through-your-smart.html
http://www.networkworld.com/news/2011/072711-war-texting-lets-hackers-unlock.html
http://usatoday30.usatoday.com/tech/news/story/2011/08/Cars-vulnerable-to-theft-by-hacking/50057610/1
Opens to PDF: https://www.usenix.org/sites/default/files/conference/protected-files/verdult_sec13_slides.pdf
https://www.usenix.org/conference/usenixsecurity13/dismantling-megamos-crypto-wirelessly-lockpicking-vehicle-immobilizer
http://www.washingtonpost.com/world/armored-suv-could-not-protect-us-agents-in-mexico/2012/02/13/gIQACv1KFR_story.html
ODB-II Consumer Products:
http://www.popularmechanics.com/cars/how-to/repair/every-car-can-be-connected-to-the-cloud-15657579
http://www.wired.com/autopia/2013/03/automatic-car
https://buy.garmin.com/en-US/US/prod38354.html
http://cannonfire.blogspot.com/2012/04/why-is-progressive-insurance-lying.html
University of California, San Diego Researchers:
Opens to PDF: http://www.autosec.org/pubs/cars-usenixsec2011.pdf
http://www.nytimes.com/2011/03/10/business/10hack.html
Opens to PDF: http://www.mcafee.com/us/resources/reports/rp-caution-malware-ahead.pdf
Opens to PDF: http://www.autosec.org/pubs/cars-oakland2010.pdf
http://www.just-auto.com/interview/car-infotainment-hacking_id141351.aspx
http://www.informationweek.com/security/vulnerabilities/your-cars-next-enemy-malware/231600981
http://www.bbc.com/autos/story/20130621-car-hacking-gets-real
http://www.techhive.com/article/196293/car_hackers_can_kill_brakes_engine_and_more.html
http://gizmodo.com/5781966/now-cars-are-vulnerable-to-malware
http://www.itworld.com/security/139794/with-hacking-music-can-take-control-your-car
http://blog.malwarebytes.org/whats-in-the-news/2013/07/hacking-cars-subverting-onboard-computers-in-modern-vehicles
Opens to PDF: http://www.mcafee.com/us/resources/reports/rp-caution-malware-ahead.pdf
Opens to PDF: http://www.ethernettechnologyday.com/downloads/archive/3rd/13_Wolf_Escrypt_Security.pdf
Black Boxes and Senator Markey:
http://www.nytimes.com/2013/07/22/business/black-boxes-in-cars-a-question-of-privacy.html
http://www.forbes.com/sites/kashmirhill/2011/02/09/mans-suv-shouldnt-have-been-able-to-testify-against-him
http://www.reuters.com/article/2013/12/03/us-hacking-cars-markey-idUSBRE9B213620131203
http://www.forbes.com/sites/kashmirhill/2012/04/19/hate-to-break-it-to-you-but-your-car-likely-has-a-black-box-spying-on-you-already
http://www.forbes.com/sites/andygreenberg/2013/12/04/heres-the-letter-a-senator-sent-to-20-auto-makers-demanding-answers-on-car-hacking-threats
AutoDownload Markey Full Letter: http://www.scribd.com/document_downloads/189258686?extension=pdf&from=embed&source=embed
https://www.schneier.com/blog/archives/2013/02/automobile_data.html
http://mfes.com/cdr.html
http://nakedsecurity.sophos.com/2013/12/04/car-manufacturers-quizzed-over-their-anti-hacking-measures
http://www.forbes.com/sites/kashmirhill/2013/02/19/the-big-privacy-takeaway-from-tesla-vs-the-new-york-times
http://money.cnn.com/2013/02/15/autos/tesla-model-s
