DEF CON 30 TALK Schedule
All talks this year will be hosted remotely on YouTube
DEF CON 30 CHV YouTube Playlist
Friday - August 12th:
Biometric systems such as face recognition and voiceprint identification are extensively used for personal identification. In recent years, more and more vehicle makers have implemented facial recognition systems in modern vehicles. However, how secure are these systems really?
In this talk, we will present some simple yet very practical attack methods to bypass the face recognition systems found on some modern vehicles, in order to log in or even start the engine.
We will also dive into the journey of how to spoof voiceprint-based systems: tricking a smart speaker's authentication mechanism into shopping online, or generating an "unharmed" song with a specific command secretly embedded within, e.g. "Open the car window".
BIOs:
Huajiang "Kevin2600" Chen (Twitter: @kevin2600) is a senior security researcher. He mainly focuses on vulnerability research in wireless and embedded systems. Kevin2600 has spoken at various conferences including KCON, DEFCON and CANSECWEST.
Li Siwei is a security researcher. He specializes in big data analysis and AI security.
Biometrics system hacking in the age of the smart vehicle
WATCH: https://youtu.be/t28rgINaaZk
Kevin2600 & Li Siwei
Fri 8/12 • 10:00 AM • 40 minutes
Getting naughty on CAN bus with CHV Badge
WATCH: https://youtu.be/PPNTdoanxBE
evadsnibor
Fri 8/12 • 11:00 AM • 40 minutes
Explains how the CHV badge can generate CAN waveforms (and other digital protocols) with different errors to disrupt vehicle networks. More than an ARB, the generation can be interactive, where the waveform can change based on the response of the network. The talk will focus on the Raspberry Pi RP2040 in the CHV badge and its hacker potential.
Remote Exploitation of Honda Cars
WATCH: https://youtu.be/y4Uzm-CTa0I
Mohammed Shine
Fri 8/12 • 12:00 PM • 25 minutes
The Honda Connect app used by the Honda City 5th generation used weak security mechanisms in its APIs for access control, which would allow a malicious user to perform actions like starting the car, locking/unlocking the car, etc. remotely by interacting with its Telematics Control Unit (TCU).
RFCommotion - Invisible Serial Ports Flying Through the Air
WATCH: https://youtu.be/VwM3sUYGIBk
Kamel
Fri 8/12 • 1:00 PM • 40 minutes
Bluetooth isn't a protocol, it's like 10 small protocols wearing a big coat pretending to be a protocol. One of the more important little protocols is the RFCOMM protocol, which acts as a standard transport layer for many other protocols to be built on top of it. In this talk, I'll introduce the audience to Bluetooth RFCOMM channels and how they're used, and introduce/release a tool I've developed to help with testing services attached to RFCOMM channels used in vehicles (and other IoT devices).
Security like the 80's: How I stole your RF
WATCH: https://youtu.be/AxkRnUnvYWw
Ayyappan Rajesh
Fri 8/12 • 2:00 PM • 25 minutes
The issue of convenience vs. security has been spoken about for years now. With most devices now having wireless capability, it invites trouble, especially when it is not encrypted or secured, right from our tap-to-pay cards to even unlocking and starting our car.
This talk discusses CVE-2022-27254 and the story of how we came about discovering it. The CVE describes an issue in the remote keyless system on various Honda vehicles that allows an attacker to access the cars, and potentially even drive away with them!
Integrating mileage clocking and other hacking equipment into a vehicle simulator rig
WATCH: https://youtu.be/GsNoctPDjNU
David Rogers
Fri 8/12 • 2:30 PM • 40 minutes
This talk will explain how we were able to get real-world car hacking equipment for mileage clocking up and running in our own vehicle hacking simulator in order to help us reverse engineer and also demo it (without getting arrested). David Rogers will also explain how rigs can be built to include other types of equipment, from head units to dashcams. He will show how the rig has also been adapted to allow others to ‘remotely control’ elements of the vehicle – including removing the brakes and accelerator, which provides a truly terrifying, immersive experience (with motion) of what it would be like to be in a car where things are in the control of a malicious third party, not the driver. The talk will conclude with what needs to be done in the future autonomous and connected vehicle space to ensure safety and security.
Smart Black Box Fuzzing of UDS CAN
WATCH: https://youtu.be/TWYE85319u4
Soohwan Oh, Jonghyuk Song and Jeongho Yang
Fri 8/12 • 3:30 PM • 25 minutes
How to solve the difficulties of performing black box fuzzing on real automobiles. First, coverage-guided fuzzing is impossible, so we should generate test cases with a full understanding of UDS CAN, such as message flows and frame types. Second, it is hard to decide whether errors occurred, so we should check for timeouts, pending responses, DTCs (Diagnostic Trouble Codes) and NRCs (Negative Response Codes). Third, even if the target ECU is dead, we should continue fuzzing by using ClearDiagnosticInformation and ECUReset. During this talk, the audience can learn effective and practical CAN fuzzing guidance at the technical level.
canTot is a CLI framework similar in usage to known frameworks like Metasploit, dronesploit, expliot, and Recon-ng. The fun thing is that it contains fun hacks and known disclosed vulnerabilities. It can also be used as a guide for pentesting vehicles and learning Python for car hacking the easier way. The aim is not to reinvent the wheel of known CAN fuzzers, car exploration tools like Caring Caribou, or other great CAN analyzers out there, but to combine all the known vulnerabilities and fun CAN bus hacks in automotive security.
BIO:
Jay Turla is a Principal Security Consultant at VikingCloud, and one of the goons of ROOTCON. He has presented at international conferences like ROOTCON, HITCON, Nullcon, DEFCON, etc. He used to work for HP Fortify and Bugcrowd in the areas of appsec. His main research interest right now is car hacking, and he is currently one of the main organizers of the Car Hacking Village of ROOTCON / Philippines.
canTot - a CAN Bus Hacking Framework to Compile Fun Hacks and Vulnerabilities
WATCH: https://youtu.be/LRBjGJEBs9I
Jay Turla
Fri 8/12 • 4:30 PM • 30 minutes
CANalyse 2.0: A vehicle network analysis and attack tool.
WATCH: https://youtu.be/Py_1I-GtUxw
Kartheek Lade (@0xh3nry) & Rahul J
Fri 8/12 • 5:00 PM • 40 minutes
CANalyse is a software tool built to analyse log files in a creative, powerful way to find unique data sets automatically and inject the refined payload back into the vehicle network.
CANalyse has three modes:
1) Smart Scan: automatic data filtration.
2) CANalyse IDE: powerful integrated development environment (IDE) using pandasql.
3) Telegram: it uses the IDE at the base level and receives commands through a Telegram bot.
In short, using CANalyse an attacker can sniff the CAN network (all python-can supported protocols), analyse it rapidly (both automatically and manually), and inject the payload back into the vehicle network. All this can also be done using a Telegram bot.