Yesterday I had the great privilege of representing the company I work for, AccessData, and presenting on the topic of “Vehicle Cyber Security and Forensics” to an esteemed audience at the New York-New Jersey Electronic Crimes Task Force. Afterward, I received some requests to share-out the presentation, which was in fact, the impetus behind my speaking – to contribute to the community. I double-checked with my employer, and was given a green-light to post our slide deck. I say “our” because as I mentioned during my talk, the deck would not have been possible without a large contribution from Gloria D’Anna (our partner at Tri-Kar), and Ben LeMere (our partner at Berla Corp).
Also of interest to the group, may be this breaking news story involving thieves breaking into cars using a mysterious electronic device, sent to me from Sergeant Christopher Then of the Morris County Prosecutor's High Tech Crime Unit, thank you Sir!
My presentation was what I call a bit of a “CliffsNotes” version of what’s been happening in the past 1-2 years with regards to vehicle cyber security and forensics. The supporting articles are quite numerous, so I have categorized them below, along with their corresponding links. Additionally, I played three short video snippets during the presentation; they too are listed below with their links.
If you download the PowerPoint deck, I would advise that you view the deck with the “Notes” section turned on, those were my talking points, and otherwise the slides themselves might not make a ton of sense. I purposely create my presentations that way, so as not to cause anyone “Death By PowerPoint!” My thinking is that the fewer slides that contain nothing but bullet-points, the better.
Lastly I should add, that below are a ton of links which take you to other Web sites of which I do not necessarily share the same opinion, nor am I responsible for their content. I believe all of the links below to be clean, but click at your own risk. Also, you might find that the “Comments” section of the articles add even more information to the topic, albeit keeping in mind their source might not have been vetted.
Video Links:
- DefCon Forbes Interview:
Video Only:
http://www.youtube.com/watch?v=oqe6S6m73Zw&list=PLpndQ-APwbNW0iOqmP6EK8OOw2XCaJcTS&index=6
- Lock and Unlock Remote Hack:
- Senator Markey News Item:
DefCon Research Related Articles:
Opens to PDF: http://illmatics.com/car_hacking.pdf
http://www.forbes.com/sites/andygreenberg/2013/07/24/hackers-reveal-nasty-new-car-attacks-with-me-behind-the-wheel-video
http://www.pcworld.com/article/2045895/researchers-reveal-methods-behind-car-hack-at-defcon.html
http://www.afterdawn.com/news/article.cfm/2013/07/28/white_hat_hackers_to_release_software_used_to_crack_critical_car_systems_at_def_con
http://www.caranddriver.com/features/can-your-car-be-hacked-feature
http://arstechnica.com/security/2013/07/disabling-a-cars-brakes-and-speed-by-hacking-its-computers-a-new-how-to
http://news.cnet.com/8301-1009_3-57596847-83/car-hacking-code-released-at-defcon
http://www.computerworld.com/s/article/9241352/Researchers_reveal_methods_behind_car_hack_at_Defcon
http://www.sciencefriday.com/segment/08/02/2013/hacking-under-the-hood-and-into-your-car.html
http://www.motoring.com.au/news/2013/hacker-safety-risk-for-new-cars-37930
Opens to PPTX: http://www.canbushack.com/defcon19/workshop.pptx
http://vehicle-reverse-engineering.wikia.com/wiki/Vehicle_Reverse_Engineering_Wiki
https://autos.aol.com/article/hackers-def-con-cyber-security-ford-toyota
http://www.carknow.me
WiFi Research Related Articles:
http://www.dfinews.com/news/2013/10/israeli-tunnel-hit-cyber-attack
http://blogs.discovermagazine.com/d-brief/2013/07/30/networked-cars-and-their-hacks-are-right-around-the-corner
http://www.its.dot.gov/research/v2v.htm
http://www.its.dot.gov/research/v2i.htm
http://www.networkworld.com/research/2012/080612-car-hacking-bluetooth-and-other-security-261422.html
Police Cruiser Pen-Test:
Opens to PDF: http://www.digitalmunition.com/OwningCopCar.pdf
http://www.theregister.co.uk/2011/05/03/cop_car_hacking
WebTech Plus Wireless Repo:
http://www.wired.com/threatlevel/2010/03/hacker-bricks-cars
http://www.computerworld.com/s/article/9229919/Car_hacking_Remote_access_and_other_security_issues
On-Board Intelligence Systems and GPS:
Opens to PDF: http://www.berla.co/downloads/ive_datasheet.pdf
http://www.dfinews.com/articles/2011/04/enhancing-investigations-gps-evidence
http://gizmodo.com/5540029/no-kidding-onstar-cars-can-be-hacked-remotely-controlled
http://hackaday.com/2013/10/21/can-hacking-introductions
http://hackaday.com/2013/10/22/can-hacking-the-in-vehicle-network
http://hackaday.com/2013/10/29/can-hacking-protocols
http://hackaday.com/2013/11/05/can-hacking-the-hardware
http://hackaday.com/2009/12/26/hacking-the-onstar-gps-v2
http://hackaday.com/2005/03/29/gm-onstar-hacking
https://sites.google.com/site/radioetcetera/home/onstar-gps
Apps:
http://www.caranddriver.com/news/ford-introduces-next-gen-connectivity-suite-called-myford-should-be-awesome-car-news
http://blog.caranddriver.com/toyota-entune-infotainment-system-to-challenge-fords-sync
http://news.cnet.com/8301-13772_3-20104962-52/ford-unveils-openxc-invites-open-source-applications
http://gigaom.com/2013/01/10/forget-apps-fords-openxc-project-will-produce-open-source-car-hardware
Naval Jet Pen-Test:
http://www.businessinsider.com/naval-hackers-broke-into-the-f-35-logistics-system-exposing-more-huge-weaknesses-2012-11
http://www.dailykos.com/story/2012/11/16/1162245/-The-F-35-Fighter-an-example-of-failure
Cisco:
http://www.scribd.com/doc/153781644/Fedex
http://gigaom.com/2013/08/06/ciscos-remedy-for-connected-car-security-treat-the-car-like-an-enterprise
Driverless Safety and Vehicles:
http://www.forbes.com/sites/joannmuller/2013/03/21/no-hands-no-feet-my-unnerving-ride-in-googles-driverless-car
http://www.itsinternational.com/sections/nafta/features/city-safety-reduces-low-speed-accidents-on-volvos-xc60-and-s60
http://www.scmagazine.com/google-joins-with-automakers-to-put-android-connected-cars-on-road/article/328124
Opens to PDF: http://www-nrd.nhtsa.dot.gov/pdf/esv/esv21/09-0371.pdf
http://www.techhive.com/article/2043878/driverless-cars-yield-to-reality-its-a-long-road-ahead.html
http://www.techhive.com/article/2010645/self-driving-cars-could-bring-a-new-world-of-hacking.html
http://online.wsj.com/article/SB10001424127887323407104579038832031956964.html
Lock and Unlock Remotely:
http://www.carscoops.com/2011/08/hacking-your-car-through-your-smart.html
http://www.networkworld.com/news/2011/072711-war-texting-lets-hackers-unlock.html
http://usatoday30.usatoday.com/tech/news/story/2011/08/Cars-vulnerable-to-theft-by-hacking/50057610/1
Opens to PDF: https://www.usenix.org/sites/default/files/conference/protected-files/verdult_sec13_slides.pdf
https://www.usenix.org/conference/usenixsecurity13/dismantling-megamos-crypto-wirelessly-lockpicking-vehicle-immobilizer
http://www.washingtonpost.com/world/armored-suv-could-not-protect-us-agents-in-mexico/2012/02/13/gIQACv1KFR_story.html
ODB-II Consumer Products:
http://www.popularmechanics.com/cars/how-to/repair/every-car-can-be-connected-to-the-cloud-15657579
http://www.wired.com/autopia/2013/03/automatic-car
https://buy.garmin.com/en-US/US/prod38354.html
http://cannonfire.blogspot.com/2012/04/why-is-progressive-insurance-lying.html
University of California, San Diego Researchers:
Opens to PDF: http://www.autosec.org/pubs/cars-usenixsec2011.pdf
http://www.nytimes.com/2011/03/10/business/10hack.html
Opens to PDF: http://www.mcafee.com/us/resources/reports/rp-caution-malware-ahead.pdf
Opens to PDF: http://www.autosec.org/pubs/cars-oakland2010.pdf
http://www.just-auto.com/interview/car-infotainment-hacking_id141351.aspx
http://www.informationweek.com/security/vulnerabilities/your-cars-next-enemy-malware/231600981
http://www.bbc.com/autos/story/20130621-car-hacking-gets-real
http://www.techhive.com/article/196293/car_hackers_can_kill_brakes_engine_and_more.html
http://gizmodo.com/5781966/now-cars-are-vulnerable-to-malware
http://www.itworld.com/security/139794/with-hacking-music-can-take-control-your-car
http://blog.malwarebytes.org/whats-in-the-news/2013/07/hacking-cars-subverting-onboard-computers-in-modern-vehicles
Opens to PDF: http://www.mcafee.com/us/resources/reports/rp-caution-malware-ahead.pdf
Opens to PDF: http://www.ethernettechnologyday.com/downloads/archive/3rd/13_Wolf_Escrypt_Security.pdf
Black Boxes and Senator Markey:
http://www.nytimes.com/2013/07/22/business/black-boxes-in-cars-a-question-of-privacy.html
http://www.forbes.com/sites/kashmirhill/2011/02/09/mans-suv-shouldnt-have-been-able-to-testify-against-him
http://www.reuters.com/article/2013/12/03/us-hacking-cars-markey-idUSBRE9B213620131203
http://www.forbes.com/sites/kashmirhill/2012/04/19/hate-to-break-it-to-you-but-your-car-likely-has-a-black-box-spying-on-you-already
http://www.forbes.com/sites/andygreenberg/2013/12/04/heres-the-letter-a-senator-sent-to-20-auto-makers-demanding-answers-on-car-hacking-threats
AutoDownload Markey Full Letter: http://www.scribd.com/document_downloads/189258686?extension=pdf&from=embed&source=embed
https://www.schneier.com/blog/archives/2013/02/automobile_data.html
http://mfes.com/cdr.html
http://nakedsecurity.sophos.com/2013/12/04/car-manufacturers-quizzed-over-their-anti-hacking-measures
http://www.forbes.com/sites/kashmirhill/2013/02/19/the-big-privacy-takeaway-from-tesla-vs-the-new-york-times
http://money.cnn.com/2013/02/15/autos/tesla-model-s