Car Security Quarter -"Automotive Security Assessment" &"Car Hacking Made Easel"

ICE71

71 Ayer Rajah Crescent · Singapore

How to find us

ICE71 - Home of Division Zero (Div0) & Infosec In the City/SINCON

Location image of event venue

Details

AGENDA
- Networking (20mins)
- Introduction & Announcement (20mins)
- "Automotive Security Assessment Techniques & Tools from a Pentester's Perspective" by Keisuke Hirata (~30 mins)
- "Car Hacking Made "Easel"" by Alina Tan, Seow Chun Yong & Tan Pei Si (~30 mins)
- Networking (Till Late)

THANK YOU!
VENUE SPONSOR: ICE71

ABSTRACTS
# Automotive Security Assessment Techniques & Tools from a Pentester's Perspective #
Securing vehicles is a complex challenge. Their increased connectivity leaves them to a wide attack surface. The diversity in the technologies used also requires to develop different security assessment techniques.
From an attacker’s point of view, one difficulty is the manufacturer-specific nature of the technologies used. The automotive industry is a complex ecosystem, composed of different OEMs and suppliers, at different levels of the production chain. This variety of actors lead to products having their own specificities, with little publicly available information.

This talk will present some techniques and developed tools for approaching these black-box systems, from a pentester’s perspective. Different technologies will be discussed. Among them, the CAN network, which is the most safety-critical part and also the last stage of a complete remote-to-physical attack chain. From experience and observations, we will discuss some effective techniques and references that can be used for gathering information, understanding how ECUs behave and finding vulnerabilities.

# Car Hacking Made "Easel" #
Ever wanted to build a car hacking prototype within a month to learn more about a car? We understand the frustration in looking for general tutorials on getting started.

In this talk, we will address the moving parts to achieve a working prototype on a test bench. We will demonstrate how to reverse engineer the Controller Area Network (CAN) bus communication protocol using individual car components, spoofing packets using open source tools, and demonstrating exploitability with actual crafted payloads. Through adopting a systematic methodology, we demonstrate how an attacker could potentially exploit cars by compiling a comprehensive database that expedites the exploit development process.

IMPORTANT NOTICES
- Code of Conduct: https://www.div0.sg/code-of-conduct
- Terms of Use & Disclaimer Notice: https://www.div0.sg/terms-of-use-disclaimer-notice

NOTE
This meetup is also jointly a ASRG-SIN meetup (https://www.meetup.com/Automotive-Security-Research-Group-Singapore-ASRG-SIN/events/265613687/).