Advanced CAN Injection Techniques for Vehicle Networks
by Charlie Miller & Chris Valasek
The end goal of a remote attack against a vehicle is physical control, usually by injecting CAN messages onto the vehicle's network. However, there are often many limitations on what actions the vehicle can be forced to perform when injecting CAN messages. While an attacker may be able to easily change the speedometer while the car is driving, she may not be able to disable the brakes or turn the steering wheel unless the car she is driving meets certain prerequisites, such as traveling below a certain speed. In this talk, we discuss how physical, safety critical systems react to injected CAN messages and how these systems are often resilient to this type of manipulation. We will outline new methods of CAN message injection which can bypass many of these restrictions and demonstrate the results on the braking, steering, and acceleration systems of an automobile. We end by suggesting ways these systems could be made even more robust in future vehicles.
Видео Advanced CAN Injection Techniques for Vehicle Networks канала Black Hat
The end goal of a remote attack against a vehicle is physical control, usually by injecting CAN messages onto the vehicle's network. However, there are often many limitations on what actions the vehicle can be forced to perform when injecting CAN messages. While an attacker may be able to easily change the speedometer while the car is driving, she may not be able to disable the brakes or turn the steering wheel unless the car she is driving meets certain prerequisites, such as traveling below a certain speed. In this talk, we discuss how physical, safety critical systems react to injected CAN messages and how these systems are often resilient to this type of manipulation. We will outline new methods of CAN message injection which can bypass many of these restrictions and demonstrate the results on the braking, steering, and acceleration systems of an automobile. We end by suggesting ways these systems could be made even more robust in future vehicles.
Видео Advanced CAN Injection Techniques for Vehicle Networks канала Black Hat
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
![First Contact - Vulnerabilities in Contactless Payments](https://i.ytimg.com/vi/YmJ4ULncNwg/default.jpg)
![The Discovery of a Government Malware and an Unexpected Spy Scandal](https://i.ytimg.com/vi/M5TsAQ59lMM/default.jpg)
![Dynamic Binary Instrumentation Techniques to Address Native Code Obfuscation](https://i.ytimg.com/vi/MRku-2fW42w/default.jpg)
![iOS Kernel PAC, One Year Later](https://i.ytimg.com/vi/7zCBOFxATFs/default.jpg)
![Come to the Dark Side, We Have Apples: Turning macOS Management Evil](https://i.ytimg.com/vi/pOQOh07eMxY/default.jpg)
![Beyond Root: Custom Firmware for Embedded Mobile Chipsets](https://i.ytimg.com/vi/5mRbq0d2Nss/default.jpg)
![hAFL1: Our Journey of Fuzzing Hyper-V and Discovering a 0-Day](https://i.ytimg.com/vi/ALcm6pmR8ck/default.jpg)
![Industroyer/Crashoverride: Zero Things Cool About a Threat Group Targeting the Power Grid](https://i.ytimg.com/vi/TH17hSH1PGQ/default.jpg)
![RCE-as-a-Service: Lessons Learned from 5 Years of Real-World CI/CD Pipeline Compromise](https://i.ytimg.com/vi/Pe9nJLZvABM/default.jpg)
![Escaping Virtualized Containers](https://i.ytimg.com/vi/0hrv0qyOEd0/default.jpg)
![Portable Data exFiltration: XSS for PDFs](https://i.ytimg.com/vi/kMirO25kulw/default.jpg)
![Chip.Fail - Glitching the Silicon of the Connected World](https://i.ytimg.com/vi/CX71p_qcCxY/default.jpg)
![My Cloud is APT's Cloud: Investigating and Defending Office 365](https://i.ytimg.com/vi/ia0T8i7LAAI/default.jpg)
![Attack on Titan M, Reloaded: Vulnerability Research on a Modern Security Chip](https://i.ytimg.com/vi/bCjkAkXiwK4/default.jpg)
![IMP4GT: IMPersonation Attacks in 4G NeTworks](https://i.ytimg.com/vi/VzWsLmVDqZc/default.jpg)
![The B-MAD Approach to Threat Modeling](https://i.ytimg.com/vi/N5icvgTyg7k/default.jpg)
![Hey Google, Activate Spyware! – When Google Assistant Uses a Vulnerability as a Feature](https://i.ytimg.com/vi/IO5iBSV1VpE/default.jpg)
![Hacking a Capsule Hotel - Ghost in the Bedrooms](https://i.ytimg.com/vi/oO-WFAIK01s/default.jpg)
![Breaking Firmware Trust From Pre-EFI: Exploiting Early Boot Phases](https://i.ytimg.com/vi/Z81s7UIiwmI/default.jpg)
![Hiding Objects from Computer Vision by Exploiting Correlation Biases](https://i.ytimg.com/vi/Lfsc5TkJ07U/default.jpg)
![Devising and Detecting Phishing: Large Language Models vs. Smaller Human Models](https://i.ytimg.com/vi/yppjP4_4n40/default.jpg)