PRESENTERS: Chris Valasek, Director of Security Intelligence for IOActive, and Charlie Miller, Security Researcher for Twitter
PRESENTATION: Adventures in Automotive Networks and Control Units
CONFERENCE: COUNTERMEASURE 2013
LOCATION: Ottawa Convention Centre, Ottawa, Canada
DATE & TIME: Thursday November 7, 2013 at 3:45pm
The original automotive computers, or Electronic Control Units (ECUs), were designed and introduced in the 1970s to improve fuel efficiency and reduce tailpipe emissions. They evolved into integral parts of in-car entertainment, safety controls, and enhanced automotive functionality. This presentation examines some of the ECU controls in two modern automobiles from a security researcher’s point of view.
Chris and Charlie first cover the tools and software needed to analyse a Controller Area Network (CAN) bus. Then, they use this software to demonstrate how data can be read from and written to the CAN bus. Next, they show how certain proprietary messages can be replayed by a device connected to the OBD-II port. Using this connection, they take over critical car functionality, such as braking and steering. Finally, they discuss aspects of reading and modifying the ECU firmware installed in today’s automobiles.
About Chris Valasek
Christopher Valasek is the Director of Security Intelligence at IOActive. He specializes in attack methodologies, reverse engineering, and exploitation techniques. Valasek is widely regarded for his research on Windows heap exploitation. He regularly speaks on the security industry conference circuit on a variety of topics. His previous tenures include Coverity, Accuvant LABS, and IBM/ISS. Valasek is also the Chairman of SummerCon, the nation’s oldest hacker conference. Chris holds a B.S. in Computer Science from the University of Pittsburgh.
About Charlie Miller
Charles Miller is a computer security researcher with Twitter. Prior to his current employment, he spent five years working for the National Security Agency. Miller has publicly demonstrated his hacks on products manufactured by Apple. In 2008 he won a $10,000 cash prize at the hacker conference Pwn2Own in Vancouver, Canada, for being the first to find a critical bug in the ultrathin MacBook Air. The next year, he won $5,000 for cracking Safari. In 2009 he also demonstrated an SMS processing vulnerability that allowed for complete compromise of the Apple iPhone and denial-of-service attacks on other phones. In 2011 he found a security hole in the iPhone and iPad whereby an application can contact a remote computer to download new unapproved software that can execute any command, which could be used to steal personal data or otherwise use iOS application functions for malicious purposes. As a proof of concept, Miller created an application called Instastock that was approved by Apple’s App Store. He then informed Apple about the security hole, and Apple promptly expelled him from the App Store.
About COUNTERMEASURE
COUNTERMEASURE is Ottawa’s premier annual IT security conference and training event featuring the best of both offensive and defensive tactics. Past speakers have included globally recognized industry security researchers, Government of Canada representatives and seasoned enterprise security experts from the private sector.
About IOActive
IOActive is a comprehensive, high-end information security services firm with a long and established pedigree in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment through to semiconductor reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA and Asia Pac regions. Visit www.ioactive.com for more information.
-###-