Friday 12:30 - 1:00 PM | Creator Stage 3 (Room 231)

Speaker: Eaton Zveare

Details: Many automotive dealers in the USA utilize centralized platforms for everything from sales to service to marketing. The interconnectivity of various systems makes things easy to manage, but also exposes certain risks should any of these systems have a vulnerability. API flaws were discovered in a top automaker's dealer platform that enabled the creation of a national admin account. With that level of access, being able to remotely take over your car was only the tip of the iceberg…

Friday 2:30 - 3:00 PM | Creator Stage 3 (Room 231)

Speaker: Collin

While reading some automotive forums online, I stumbled upon an odometer manipulation device which claims to support 53 different car brands. Curious, I purchased this tool with the sole intent of reverse engineering it. I tear down the hardware involved, explain how it is designed to be installed between the instrument panel cluster and the rest of the vehicle and use an open source exploit to extract the internal flash from the locked STM32. Next, I explain the process of reverse engineering the extracted binary to find how the device is rewriting can messages to manipulate the odometer value. Finally, I explain why odometer manipulation is an issue and share an example of how use of this device can potentially be detected after removal.

Friday 4:30 - 5:00 PM | Creator Stage 3 (Room 231)

Speaker: Ravi Rajput

Modern vehicles operate as real-time cyber-physical systems, where even subtle manipulations on the CAN bus can lead to catastrophic outcomes. Traditional anomaly detectors fall short when malicious actors mimic expected sensor behaviors while altering the vehicle's state contextually.

Friday 4:00 - 4:30 PM | Creator Stage 4 (Room 228)

Speaker: Danilo Erazo

In this talk, I reveal the discovery of a novel RTOS running on automotive head units, uncovered through hardware hacking and reverse engineering. This RTOS, found in thousands of vehicles, exhibits numerous bugs and intriguing functionalities. I demonstrate how a crafted PNG file was used as a backdoor to compromise the system, highlighting both the innovative features and critical vulnerabilities present in current automotive technologies.

Friday 4:30 - 5:00 PM | Creator Stage 2 (Room 232)

Speaker: Chiao-Lin Yu (Steven Meow)

Have you ever wondered how the On-Board Units (OBUs) in smart buses communicate and authenticate with Advanced Public Transportation Services (APTS) and Advanced Driver Assistance Systems (ADAS)? Shockingly, these systems can be easily tampered with and forged!

Saturday 1:00 - 1:30 PM | Creator Stage 2 (Room 232)

Speaker: Yago Lizarribar

In this talk we want to dive deep into the world of direct TPMS. These systems are used by a great portion of the cars today, and typically send information about a car’s tires wirelessly without any encryption or authentication. We show that it is feasible to capture these signals with very low cost hardware to build a tracking infrastructure. We present as well a tool that allows us to create custom TPMS messages and spoof the ECU of different cars.

Saturday 5:00 - 6:00 PM | Creator Stage 5 (Room 229)

Speaker: Jan Berens aka SP3ZN45

In this talk we present a collection of attacks against the most widely used EV charging protocol, by exploiting flaws in the underlying power-line communication technologies affecting almost all EVs and chargers.

Sunday 10:00 - 11:00 AM | Creator Stage 4 (Room 228)

Speaker: Ben Gardiner

Tanker trailers? Turns out those aren't just big, dumb hunks of metal. They have a powerline databus, PLC4TRUCKS, which is accessible wirelessly. We found ECUs running the KWP2000 diagnostic protocol on PLC4TRUCKS, supposedly secured with their fancy seed-key exchange. But guess what? Those seeds are way more predictable than they should be. A bit of timing trickery, a classic reset attack, and boom – we're in, no peeking at the ECU's responses needed. Blind, non-contact attacks on PLC4TRUCKS? Yep, we found a way.