think like a hacker
play

Think Like a Hacker Assaf Harel, Chief Scientist and Co-Founder - PowerPoint PPT Presentation

Oct 07, 2023 •344 likes •517 views

Think Like a Hacker Assaf Harel, Chief Scientist and Co-Founder What Does it Mean? 2 | Confidential Provided for Workshop use only Why Would a Hacker Want to Hack a Car? Cryptocurrency Personal Information Ransomware Mining

  1. “ Think Like a Hacker ” Assaf Harel, Chief Scientist and Co-Founder

  2. What Does it Mean? 2 | Confidential – Provided for Workshop use only

  3. Why Would a Hacker Want to Hack a Car? Cryptocurrency Personal Information Ransomware Mining (Infotainment/TCU) (Infotainment) (any ECU) Data Manipulation (Fleets) Controlling the Car Car/Cargo Theft (TCU) (Speed & Steering ECUs) (BCM) 3 | Confidential – Provided for Workshop use only

  4. The Automotive Industry is Doing a Great Job • Separating Domains • Securing Connectivity • Signing and Encrypting Images • Pen Testing • However … 4 | Confidential – Provided for Workshop use only

  5. It is All About Motivation Defcon – Car Healthcare Data Breach Statistics Domain Hacking Hacking Village 5 | Confidential – Provided for Workshop use only

  6. So How Does a Hacker Think? 6 | Confidential – Provided for Workshop use only

  7. A Hacker Looks for Two Attacks Type • Logical attacks – using existing functionality in unexpected scenarios • Code-Injection attacks – creating a new functionality in an existing module 7 | Confidential – Provided for Workshop use only

  8. Getting into the Car – A Foot in the Door BT WiFi 5G/LTE USB 5G/LTE DSRC Dongle Why Connectivity? • Diagnostics • FOTA 5G/LTE • Remote Control • Data monetization USB Dongle • Internet Services • V2X BT • Autonomous vehicle BT 5G/LTE WiFi 5G/LTE DSRC 8 | Confidential – Provided for Workshop use only

  9. Getting into the Car – Impersonation Example Attack a 01 hotspot Wait for an HTTP request 02 Router Drop packages 03 Answer as the server: from the server serving an image, 04 user/pwd, etc. 9 | Confidential – Provided for Workshop use only

  10. Getting into the Car – Other Ways? • Impersonation – act as the original service • Can I send a “ key fob ” command as the key? • Can I serve an update? • Undocumented opened service • Was a debug port left open? • Are admin & password connectivity enabled? • Exploiting coding vulnerabilities • Is command injection an option? • Can I manipulate the input? 11 | Confidential – Provided for Workshop use only

  11. Getting into the Car – Hackers Look for Code • Getting the image • Download updates from official sites • Get from flash (JTAG, UART) • Extract from memory • … and source is the best 12 | Confidential – Provided for Workshop use only

  12. Recent Automotive Research (Foot in the Door 1) “ Volkswagen Golf GTE and Audi A3 Sportback e-tron models … The two researchers said used a car's WiFi connection to exploit an exposed port and gain access to the car's IVI ” (*) https://www.bleepingcomputer.com/news/security/volkswagen- and-audi-cars-vulnerable-to-remote-hacking/ 14 | Confidential – Provided for Workshop use only

  13. Recent Automotive Research (Foot in the Door 2) • Browser hacking • “ QtCarBrowser Safari/534.34 “ • Changing the compare function in Java Script • Gaining access to the ECU Vulnerable Function (*) FREE-FALL: Hacking TESLA from Wireless to CAN Bus (Keen Security Lab, 2017) 15 | Confidential – Provided for Workshop use only

  14. In the Car – How Can We Pass the Gateway ? • Flash the Gateway • Hack the Gateway • Bypass the Gateway – • using approved CAN commands in unexpected scenarios 16 | Confidential – Provided for Workshop use only

  15. In the Car – How Can We Pass the Gateway ? • Hack it – Errors in Ethernet packet handling (Internal Research for Tier-1 company) • Sending the same packets 10 times has caused buffer overflow • Enables running a shell command (left on the device) • Enables changing the GW configuration • Bypass it – Activating Park Assistant (Internal Research for OEM company) • Setting the Park Assistant ECU to diagnostic mode while engine is running • Sending Park Assistant messages from another ECU, causing the wheel to turn • Relatively easy to do over CAN (no authentication) 17 | Confidential – Provided for Workshop use only

  16. In the Car – What About Other ECUs? • We can Flash ECUs using UDS commands • Many ECUs do not apply secure boot • Extract encryption keys from binary • Use a vulnerable older version • Send UDS commands (thru the Gateway) • Find Buffer Overflow • UDS protocol has potential for vulnerabilities • Enables running malicious code on the ECU 19 | Confidential – Provided for Workshop use only

  17. “ Think Like a Hacker ” Questions? 24 | Confidential – Provided for Workshop use only

Recommend

CAN WE FIX IT? SEBASTIUS, HACKER HOTEL 2016 About me Sebastian Oort Teacher by day Self taught

CAN WE FIX IT? SEBASTIUS, HACKER HOTEL 2016 About me Sebastian Oort Teacher by day Self taught

CAN WE FIX IT? SEBASTIUS, HACKER HOTEL 2016 About me Sebastian Oort Teacher by day Self taught hacker/fixer Love retro-hardware CAN WE FIX IT? PROJECT 4 PRACTICAL REPAIRS FOR EVERYONE APRIL 2, 2016 HACKER HOTEL DATUM KLANT REFLOW BAKE

447 views • 23 slides
Software Engineering Through the eyes of a hacker, academic, employee, and CEO Chad Spensky

Software Engineering Through the eyes of a hacker, academic, employee, and CEO Chad Spensky

Software Engineering Through the eyes of a hacker, academic, employee, and CEO Chad Spensky chad@allthenticate.net Founder and CEO of Allthenticate My Journey 1990s: Internet pirate, hacker, and master tinkerer 2004-2008: College student at

809 views • 53 slides
CONFIDENCE 2008 KRAKOW pdp information security researcher, hacker, founder of GNUCITIZEN

CONFIDENCE 2008 KRAKOW pdp information security researcher, hacker, founder of GNUCITIZEN

CONFIDENCE 2008 KRAKOW pdp information security researcher, hacker, founder of GNUCITIZEN Cutting-edge Think Tank ABOUT GNUCITIZEN Think tank Research Training Consultancy Ethical Hacker Outfit Responsible disclosure

929 views • 64 slides
Bringing Riak to the Mobile Platform Kresten Krab Thorup Hacker @drkrab Bringing Riak to the

Bringing Riak to the Mobile Platform Kresten Krab Thorup Hacker @drkrab Bringing Riak to the

Bringing Riak to the Mobile Platform Kresten Krab Thorup Hacker @drkrab Bringing Riak to the Mobile Platform Client Kresten Krab Thorup Hacker @drkrab About the Speaker Language Geek Emacs/TeX Hacker, Objective C, NeXT, GNU Compiled

963 views • 41 slides
From Zero to Zero-day How I became a hacker and why you should Carl Svensson @ Detectify 5/12

From Zero to Zero-day How I became a hacker and why you should Carl Svensson @ Detectify 5/12

From Zero to Zero-day How I became a hacker and why you should Carl Svensson @ Detectify 5/12 2018 1 / 14 Background Biography MSc in Computer Science, KTH Head of Security, KRY/LIVI CTF: HackingForSoju E-mail: calle.svensson@zeta-two.com

313 views • 14 slides
STANDUP POKER KALPESH SHAH CULTURE HACKER & ENTERPRISE AGILE COACH A few things about me.

STANDUP POKER KALPESH SHAH CULTURE HACKER & ENTERPRISE AGILE COACH A few things about me.

STANDUP POKER KALPESH SHAH CULTURE HACKER & ENTERPRISE AGILE COACH A few things about me. CULTURE HACKER AGILE & LEAN Trainer SPEAKER Scrum & Agile User Groups Global Agile Conferences Guest Lecturer at

475 views • 19 slides
RISK 2008 pdp information security researcher, hacker, founder of GNUCITIZEN Cutting-edge Think

RISK 2008 pdp information security researcher, hacker, founder of GNUCITIZEN Cutting-edge Think

RISK 2008 pdp information security researcher, hacker, founder of GNUCITIZEN Cutting-edge Think Tank ABOUT GNUCITIZEN Think tank Research Training Consultancy Ethical Hacker Outfit Responsible disclosure We have

1.04k views • 52 slides
<3 Thursday, July 23, 2009 Artur Bergman artur@crucially.net perl hacker

<3 Thursday, July 23, 2009 Artur Bergman artur@crucially.net perl hacker

<3 Thursday, July 23, 2009 Artur Bergman artur@crucially.net perl hacker varnish hacker Operations & Engineering at Wikia Thursday, July 23, 2009 Wikia Hosts wiki communities www.wowwiki.com (second largest)

1.16k views • 103 slides
A Day In The Life of a Hacker Things we get up to when nobody is looking, and that keep me awake

A Day In The Life of a Hacker Things we get up to when nobody is looking, and that keep me awake

A Day In The Life of a Hacker Things we get up to when nobody is looking, and that keep me awake at night... Adam Laurie adam@thebunker.net http://www.thebunker.net FIRST Geek Zone Seville, 2007 Contents InfraRed RFID ATMs /

1.34k views • 92 slides
Think Like a Hacker: Learn How to Use OSINT to Defend Your Organization Rosa L. Smothers SVP of

Think Like a Hacker: Learn How to Use OSINT to Defend Your Organization Rosa L. Smothers SVP of

Think Like a Hacker: Learn How to Use OSINT to Defend Your Organization Rosa L. Smothers SVP of Cyber Operations KnowBe4, Inc. The worlds most popular integrated Security Awareness Training and Simulated Phishing platform Based

296 views • 25 slides
When Saying I Do Meant Giving Up Your U.S. Citizenship Meg Hacker Did you know that from

When Saying I Do Meant Giving Up Your U.S. Citizenship Meg Hacker Did you know that from

When Saying I Do Meant Giving Up Your U.S. Citizenship Meg Hacker Did you know that from 1907 to 1922 American women lost their American citizenship by marrying non-Americans without even leaving the United States? Did these women regain

642 views • 43 slides
Practical Penetration Testing 101 Look mom Im a hacker now! Words of warning Anything

Practical Penetration Testing 101 Look mom Im a hacker now! Words of warning Anything

Practical Penetration Testing 101 Look mom Im a hacker now! Words of warning Anything you do to a remote system without authorization is illegal Use common sense Federal prison is bad Overview of Today Brief overview

348 views • 13 slides
W0RKSH0P @KirilsSolovjovs Why am I doing this? Many people atuending hacker conferences are

W0RKSH0P @KirilsSolovjovs Why am I doing this? Many people atuending hacker conferences are

Network concepts introduction & wireshark W0RKSH0P @KirilsSolovjovs Why am I doing this? Many people atuending hacker conferences are not in fact experts, but come here to learn and have fun Opportunity to learn something new

942 views • 46 slides
Google Web Toolkit CWRU Hacker([']s[']) Society What is GWT? (By the way, it's free and open

Google Web Toolkit CWRU Hacker([']s[']) Society What is GWT? (By the way, it's free and open

Google Web Toolkit CWRU Hacker([']s[']) Society What is GWT? (By the way, it's free and open source under Apache License v2.0.) Questions to be Answered: Why? Brief Example Demonstration What can it do? How does it work?

494 views • 20 slides
An Architecture A Day Keeps The Hacker Away David A. Holland, Ada T. Lim, Margo I. Seltzer

An Architecture A Day Keeps The Hacker Away David A. Holland, Ada T. Lim, Margo I. Seltzer

An Architecture A Day Keeps The Hacker Away David A. Holland, Ada T. Lim, Margo I. Seltzer Harvard University Division of Engineering and Applied Sciences { dholland,ada,margo } @eecs.harvard.edu Weve got a problem. Why? Attacks are

262 views • 15 slides
Attacking a co-hosted VM A hacker, a hammer and two memory modules 1 Who we are (1) Mehdi

Attacking a co-hosted VM A hacker, a hammer and two memory modules 1 Who we are (1) Mehdi

Attacking a co-hosted VM A hacker, a hammer and two memory modules 1 Who we are (1) Mehdi Talbi Security researcher at Stormshield haka-security project. Past life: academia (phd, postdoc, ) Main research topics: advanced

1.61k views • 94 slides
Cyber@UC Meeting 38 Becoming a Certified Ethical Hacker If Youre New! Join our Slack

Cyber@UC Meeting 38 Becoming a Certified Ethical Hacker If Youre New! Join our Slack

Cyber@UC Meeting 38 Becoming a Certified Ethical Hacker If Youre New! Join our Slack ucyber.slack.com Feel free to get involved with one of our committees: Content, Finance, Public Affairs, Outreach, Recruitment Ongoing

423 views • 31 slides
Center for Genomic Gastronomy Hacker Culture Creating and sharing with each other Placing

Center for Genomic Gastronomy Hacker Culture Creating and sharing with each other Placing

Center for Genomic Gastronomy Hacker Culture Creating and sharing with each other Placing a high value on freedom of inquiry; hostility to secrecy Information-sharing as both an ideal and a practical strategy Upholding the right to

549 views • 15 slides
How to become a (Media)Wiki hacker An overwhelming overview of Wikimedia's many technical areas,

How to become a (Media)Wiki hacker An overwhelming overview of Wikimedia's many technical areas,

How to become a (Media)Wiki hacker An overwhelming overview of Wikimedia's many technical areas, some projects, and development infrastructure to get ideas where to get involved. Andr . Klapper <aklapper@wikimedia.org> | Daniel

243 views • 23 slides
SwimTimer App an exercise in UI-design Bay Area Mobile Meetup - Hacker Dojo - Thu Jul 7,

SwimTimer App an exercise in UI-design Bay Area Mobile Meetup - Hacker Dojo - Thu Jul 7,

SwimTimer App an exercise in UI-design Bay Area Mobile Meetup - Hacker Dojo - Thu Jul 7, 2011 Frank Siebenlist FrankS@CreativeApptitude.com Monday, July 11, 2011 What? SwimTimer App Demo High-level App Implementation Features

480 views • 14 slides
RIAK ON DRUGS (AND THE OTHER WAY AROUND) Kresten Krab Thorup CTO, Trifork About the Speaker

RIAK ON DRUGS (AND THE OTHER WAY AROUND) Kresten Krab Thorup CTO, Trifork About the Speaker

RIAK ON DRUGS (AND THE OTHER WAY AROUND) Kresten Krab Thorup CTO, Trifork About the Speaker Language/Runtime Geek Emacs/TeX Hacker, Objective C, NeXT, GNU Compiled Java, Java Generics, J2EE, Erlang Hacker, Ph.D. Trifork CTO Conference

759 views • 35 slides
Think like a Hacker Not So Smart Phone security Introduction Peter Rietveld Liviu

Think like a Hacker Not So Smart Phone security Introduction Peter Rietveld Liviu

Partners in Information Security Think like a Hacker Not So Smart Phone security Introduction Peter Rietveld Liviu Rombaut Traxion Smartphones will never be secure Since security is not a simple notion What & Whom

331 views • 18 slides
Monitoring of membrane failure due to pinhole formation Viktor Hacker, Eva Wallnfer Department

Monitoring of membrane failure due to pinhole formation Viktor Hacker, Eva Wallnfer Department

Monitoring of membrane failure due to pinhole formation Viktor Hacker, Eva Wallnfer Department of Chemical Engineering and Environmental Technology, TU GRAZ, Austria Peter Prenninger AVL List GmbH, Austria Trondheim, June 23 rd ,2009

474 views • 20 slides
bonobo Simple ETL in Python 3.5+ Romain Dorgueil @rdorgueil CTO/Hacker in Residence LAtelier

bonobo Simple ETL in Python 3.5+ Romain Dorgueil @rdorgueil CTO/Hacker in Residence LAtelier

bonobo Simple ETL in Python 3.5+ Romain Dorgueil @rdorgueil CTO/Hacker in Residence LAtelier BNP Paribas Technical Co-founder WeAreTheShops (Solo) Founder RDC Dist. Agency Eng. Manager Sensio/SensioLabs Developer A ffi liationWizard

1.42k views • 82 slides

More recommend