DEF CON 32 TALK Schedule

All talks this year will be part of DEF CON Creator Stages!


Friday - August 9th:

  • Friday at 13:00 in LVCC - L1 - HW4-04-02 (Creator Stage 3)

    Pavel Khunt Automotive Security Researcher and Penetration Tester at Auxilium Pentest Labs

    Thomas "Cr0wTom" Sermpinis Technical Director at Auxilium Pentest Labs

    This research aims to enhance electric vehicle cybersecurity by uncovering vulnerabilities in the Electric Vehicle Communication Controller (EVCC), crucial for charging communication. We've developed a specialized security tool after examining electric vehicle charging ports and On-Board Charging (OBC) protocols, with a focus on ISO 15118 standards.

  • Friday at 13:30 in LVCC - L1 - HW4-04-02 (Creator Stage 3)

    Harry Krejsa Assistant National Cyber Director for Strategy at ONCD

    Sarah Hipel Standards and Reliability Program Manager at ONCD

    Unprecedented investments in vehicle electrification are creating new pathways for hackers to exploit EVs and EV chargers. Many of these risks are theoretical and have not been demonstrated in the wild…yet. Policymakers are racing to better understand systemic cyber risks present in this new EV ecosystem—particularly those which might impact the electric grid—so we can devise effective mitigations now. This talk offers a White House policymaker’s perspective on the changing EV landscape, new policy measures under consideration to identify and reduce the impact of vulnerabilities, and the critical role that hackers can play in focusing our work.

  • Friday at 14:00 in LVCC - L1 - HW4-04-02 (Creator Stage 3)

    Jonghyuk Song

    Seunghee Han Automotive Engineer and Security Tester at Autocrypt Engineering

    Soohwan Oh

    Some diagnostic services in UDSonCAN that could affect driving should be disabled while driving and protected by authentication mechanisms such as SecurityAccess. However, without these security measures, attackers can cause a serious safety risk to the driver using only diagnostic messages. In this talk, we introduce UDSonCAN attacks discovered through fuzzing and describe their countermeasures. These attacks can cause a moving car to suddenly stop or a stationary car to suddenly accelerate with just simple diagnostic messages. We discovered these vulnerabilities in the latest electric vehicle model and have prepared a demo.

  • Friday at 14:30 in LVCC - L1 - HW4-04-02 (Creator Stage 3)

    Danilo Erazo Ethical Hacker at Fluid Attacks

    Using hardware hacking techniques, it was possible to detect the use of learning codes instead of rolling codes in a key fob of a car widely used in my country. For this purpose, the key fob was disassembled and the HS2240 integrated circuit was detected and, using a logic analyzer, the emission of learning codes from the integrated circuit to the radio frequency LED emitter was checked. With the use of HackRF SDR, the learning code is duplicated to be able to open the car N times without needing the original key anymore, which proves that the use of learning codes is very vulnerable, just like fixed codes.

  • Friday at 15:00 in LVCC - L1 - HW4-04-02 (Creator Stage 3)

    Kevin Mitchell

    In this talk, I will detail my discovery and analysis of CVE-2023-52709, a vulnerability in the TI Bluetooth stack. This flaw allows the stack to fail in generating a resolvable Random Private Address (RPA), which can lead to a Denial of Service (DoS) for already bonded peer devices. The discussion will cover the technical aspects of the vulnerability, the implications for automotive security, and potential mitigation strategies.

Saturday - August 10th:

  • Saturday at 16:00 in LVCC - L1 - HW4-04-02 (Creator Stage 3)

    Vladyslav Zubkov Bug Bounty Hunter

    Martin Strohmeier Senior Scientist at Cyber Defence Campus

    Over the past decade, infotainment systems experienced a growth in functionality, broader adoption and central incorporation into the vehicle architecture. Due to the ever-growing role of wireless protocols such as Bluetooth and a known lack of patches alongside the difficulty of patch installation, this poses a new attack surface and a genuine threat to the users. At the same time, the tools and methodologies required for testing are scattered across the Internet, absent and need a rigorous setup.

    In this talk, we share a comprehensive framework BlueToolkit to test and replay Bluetooth Classic vulnerabilities. We provide practical information and tips. Additionally, we release new exploits and a privilege escalation attack vector.

    We show how we used the toolkit to find 64 new vulnerabilities in 22 modern cars and the Garmin Flight Stream flight management system used in several aircraft types.

    Our work equips Bluetooth hackers with necessary information on novel implementation-specific vulnerabilities that could be used to steal information from target cars, establish a MitM position or escalate privileges to hijack victims’ accounts stealthily.

    We believe our research will be beneficial in finding new vulnerabilities and making Bluetooth research more accessible and reproducible.

  • Saturday at 16:30 in LVCC - L1 - HW4-04-02 (Creator Stage 3)

    Varjitt Jeeva Software Engineer

    Some cars are over-engineered, some are too basic, and some check every box except one. I did that research over months when trying to buy a new car, and landed on a 6MT Cadillac ATS-V while only wanting and dealing with Japanese cars, specifically Lexus/Toyota. The one thing it was missing was a digital gauge cluster, and programmers were asking $350, so I set off to figure it out myself. I then dove deep into GM electronics and programming, found a smart dude who initially cracked it all for free to spite all the money-grabbing gatekeepers, then became a hypocrite, backtracking asking thousands to reveal his learnings. This presentation will go over how I programmed that cluster, posted everything on Github, out of spite.

Sunday - August 11th:

  • Sunday at 10:00 in LVCC - L2 - W222 (Creator Stage 4)

    Justin Car Hacking Village

    Tom VanNorman ICS Village

    Savannah Red Team Village

    Nina Alli Biohacking Village

    Muteki Blue Team Village

    The Villages are a key part of the DEFCON experience - join this panel of staff members of the DEFCON Villages to get an inside scoop on all the intricacies of organizing a village. Topics from finding sponsors to setting up equipment to making sure everyone gets to take a break during the event - there's a whole lot that goes on behind the scenes at DEFCON villages!