It's our first ASRG-SIN x Div0 meetup! We will be featuring two automotive cybersecurity talks:
Date: 11th November 2019
71 Ayer Rajah Crescent, 02-18, Singapore[masked]
1845 – 1915: Networking
1915 – 1930: Introduction to ASRG-SIN and CSQDiv0
1930 – 2000: Topic 1 — Automotive Security Assessment Techniques and Tools from a Pentester's Perspective
2000 – 2030: Topic 2 — Car Hacking made "Easel"
2030 – late: Questions and Answers/Networking Session
Speaker 1: Keisuke Hirata
Topic: Automotive Security Assessment Techniques and Tools from a Pentester's Perspective
Abstract: Securing vehicles is a complex challenge. Their increased connectivity leaves them with a wide attack surface. The diversity of the technologies used also requires developing different security assessment techniques.
From an attacker’s point of view, one difficulty is the manufacturer-specific nature of the technologies used. The automotive industry is a complex ecosystem, composed of different OEMs and suppliers, at different levels of the production chain. This variety of actors leads to products having their own specificities, with little publicly available information.
This talk will present some techniques and developed tools for approaching these black-box systems, from a pentester’s perspective. Different technologies will be discussed. Among them is the CAN network, which is the most safety-critical part and also the last stage of a complete remote-to-physical attack chain. From experience and observations, we will discuss some effective techniques and references that can be used for gathering information, understanding how ECUs behave and finding vulnerabilities.
Speaker 2: Alina Tan, Seow Chun Yong, Tan Pei Si
Topic: Car Hacking made "Easel"
Ever wanted to build a car hacking prototype within a month to learn more about a car? We understand the frustration in looking for general tutorials on getting started.
In this talk, we will address the moving parts needed to achieve a working prototype on a test bench. We will demonstrate how to reverse engineer the Controller Area Network (CAN) bus communication protocol using individual car components, spoof packets using open source tools, and demonstrate exploitability with actual crafted payloads. By adopting a systematic methodology, we demonstrate how an attacker could potentially exploit cars by compiling a comprehensive database that expedites the exploit development process.
Thank you to ICE71 for being our venue sponsor!