|PRESENTERS:||Chris Valasek, director of security intelligence for IOActive and Charlie Miller, security researcher for Twitter.|
|PRESENTATION:||Adventures in Automotive Networks and Control Units|
|CONFERENCE:||H2HC – Hackers To Hackers Conference|
|LOCATION:||Novotel Morumbi, Sao Paulo, Brasil|
|DATE & TIME:||Sunday October 6, 2013 at 11:50am|
Automotive computers, or Electronic Control Units (ECU), were originally introduced to help with fuel efficiency and emissions problems of the 1970s but evolved into integral parts of in-car entertainment, safety controls, and enhanced automotive functionality. This presentation will examine some controls in two modern automobiles from a security researcher’s point of view.
Chris and Charlie will first cover the requisite tools and software needed to analyse a Controller Area Network (CAN) bus. Secondly, they will demo software to show how data can be read and written to the CAN bus. They will then show how certain proprietary messages can be replayed by a device that is hooked up to an ODB-II connection to perform critical car functionality, such as braking and steering. Finally, they will discuss aspects of reading and modifying the firmware of ECUs installed in today’s modern automobile.
About Chris Valasek
Christopher Valasek is the Director of Security Intelligence at IOActive. He specializes in attack methodologies, reverse engineering, and exploitation techniques. Valasek is widely regarded for his research on Windows heap exploitation. He also regularly speaks on the security industry conference circuit on a variety of topics. His previous tenures include Coverity, Accuvant LABS, and IBM/ISS. Valasek is also the Chairman of SummerCon, the nation’s oldest hacker conference. Chris holds a B.S. in Computer Science from the University of Pittsburgh.
About Charlie Miller
Charles Miller is a computer security researcher with Twitter. Prior to his current employment, he spent five years working for the National Security Agency. Miller demonstrated his hacks publicly on products manufactured by Apple. In 2008 he won a $10,000 cash prize at the hacker conference Pwn2Own in Vancouver Canada for being the first to find a critical bug in the ultrathin MacBook Air. The next year, he won $5,000 for cracking Safari. In 2009 he also demonstrated an SMS processing vulnerability that allowed for complete compromise of the Apple iPhone and denial-of-service attacks on other phones. In 2011 he found a security hole in an iPhone’s or iPad’s security, whereby an application can contact a remote computer to download new unapproved software that can execute any command that could steal personal data or otherwise using iOS applications functions for malicious purposes. As a proof of concept, Miller created an application called Instastock that got approved by Apple’s App Store. He then informed Apple about the security hole, who then promptly expelled him from the App Store.
Hackers To Hackers Conference (H2HC) is a conference organized by people who work or who are directly involved in research and development in the area of information security, whose main objective is to enable the dissemination, discussion and exchange of knowledge about information security among participants and also among the companies involved in the event. With training and lectures presented by respected members of the corporate world, research groups and underground community, this year’s conference promises to demonstrate techniques that have never been seen or discussed with the public before.
IOActive is a comprehensive, high-end information security services firm with a long and established pedigree in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment through to semiconductor reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA and Asia Pac regions. Visit www.ioactive.com for more information.