A highly anticipated car hacking Defcon presentation will detail how cars can be physically hijacked via mechanisms designed to assess automotive faults.
The presentation by IOActive security intelligence director Chris Valasek and Twitter security engineer and famous Apple hacker Charlie Miller would delive into how controller area networks (CAN) and automobile firmware can bypass a car's safety features.
The CAN protocol enabled car electronic systems to communicate without the need for a centralised computer.
The two researchers picked apart a 2010 Ford Escape and Toyota Prius aided by an $US80,000 grant from the US Defense Advanced Research Projects Agency, Forbes reported. Diagnostic CAN messages were designed to identify car issues for repair, but could be manipulated to "physically control the automobile under certain conditions", Valasek said.
In addition, the duo would demonstrate how more routine CAN traffic could be used to overtake safety control mechanisms. They would also explain how firmware modification could permit "permanent" changes to a car's behaviour.
Valasek said all of the research being presented, which included documentation, code and tools, was based on findings from having direct access to the cars and would involve no remote attack vectors or exploits.
"At the very least, you will be able to recreate our results, and with a little work, should be able to start hacking your own car!" he wrote.
The talk would be part of opening day for DefCon 21.
The presentation by IOActive security intelligence director Chris Valasek and Twitter security engineer and famous Apple hacker Charlie Miller would delive into how controller area networks (CAN) and automobile firmware can bypass a car's safety features.
The CAN protocol enabled car electronic systems to communicate without the need for a centralised computer.
The two researchers picked apart a 2010 Ford Escape and Toyota Prius aided by an $US80,000 grant from the US Defense Advanced Research Projects Agency, Forbes reported. Diagnostic CAN messages were designed to identify car issues for repair, but could be manipulated to "physically control the automobile under certain conditions", Valasek said.
In addition, the duo would demonstrate how more routine CAN traffic could be used to overtake safety control mechanisms. They would also explain how firmware modification could permit "permanent" changes to a car's behaviour.
Valasek said all of the research being presented, which included documentation, code and tools, was based on findings from having direct access to the cars and would involve no remote attack vectors or exploits.
"At the very least, you will be able to recreate our results, and with a little work, should be able to start hacking your own car!" he wrote.
The talk would be part of opening day for DefCon 21.
No comments:
Post a Comment