- Networking (20mins)
- Introduction & Announcement (20mins)
- "Automotive Security Assessment Techniques & Tools from a Pentester's Perspective" by Keisuke Hirata (~30 mins)
- "Car Hacking Made "Easel"" by Alina Tan, Seow Chun Yong & Tan Pei Si (~30 mins)
- Networking (Till Late)
VENUE SPONSOR: ICE71
# Automotive Security Assessment Techniques & Tools from a Pentester's Perspective #
Securing vehicles is a complex challenge. Their increased connectivity exposes them to a wide attack surface. The diversity of the technologies used also requires developing different security assessment techniques.
From an attacker’s point of view, one difficulty is the manufacturer-specific nature of the technologies used. The automotive industry is a complex ecosystem, composed of different OEMs and suppliers, at different levels of the production chain. This variety of actors leads to products having their own specificities, with little publicly available information.
This talk will present some techniques and tools developed for approaching these black-box systems, from a pentester’s perspective. Different technologies will be discussed. Among them is the CAN network, which is the most safety-critical part and also the last stage of a complete remote-to-physical attack chain. From experience and observations, we will discuss some effective techniques and references that can be used for gathering information, understanding how ECUs behave and finding vulnerabilities.
# Car Hacking Made "Easel" #
Ever wanted to build a car hacking prototype within a month to learn more about a car? We understand the frustration in looking for general tutorials on getting started.
In this talk, we will address the moving parts needed to achieve a working prototype on a test bench. We will demonstrate how to reverse engineer the Controller Area Network (CAN) bus communication protocol using individual car components, spoof packets using open source tools, and demonstrate exploitability with actual crafted payloads. By adopting a systematic methodology, we demonstrate how an attacker could potentially exploit cars by compiling a comprehensive database that expedites the exploit development process.
- Code of Conduct: https://www.div0.sg/code-of-conduct
This meetup is also jointly an ASRG-SIN meetup (https://www.meetup.com/Automotive-Security-Research-Group-Singapore-ASRG-SIN/events/265613687/).