IOActive


About Us

Services

News

IOActive Labs

Contact
IOActive Labs IOBOT! Click to learn more.



IOActive's IOAsis
 
Adventures in Automotive Networks and Control Units

Thursday, August 1, 2013

Time 10:00am

Location: DEFCON

Session Title: Adventures in Automotive Networks and Control Units

Speakers: Chris Valasek, Director of Security Intelligence, IOActive & Charlie Miller, Security Enginer, Twitter

Details: Automotive computers, or Electronic Control Units (ECU), were originally introduced to help with fuel efficiency and emissions problems of the 1970s but evolved into integral parts of in-car entertainment, safety controls, and enhanced automotive functionality. This presentation will examine some controls in two modern automobiles from a security researcher's point of view. We will first cover the requisite tools and software needed to analyze a Controller Area Network (CAN) bus. Secondly, we will demo software to show how data can be read and written to the CAN bus. Then we will show how certain proprietary messages can be replayed by a device hooked up to an ODB-II connection to perform critical car functionality, such as braking and steering. Finally, we'll discuss aspects of reading and modifying the firmware of ECUs installed in today's modern automobile.


Bio:

Chris Valasek is the Director of Security Intelligence at IOActive, an industry leader that offers comprehensive computer security services, where he specializes in attack methodologies, reverse engineering and exploitation techniques. While widely regarded for his research on Windows heap exploitation, Valasek also regularly speaks on the security industry conference circuit on a variety of topics. His previous tenures include Coverity, Accuvant LABS and IBM/ISS. He is also the Chairman of SummerCon, the nation's oldest hacker conference. He holds a B.S. in Computer Science from the University of Pittsburgh.


Charlie Miller (@0xcharlie) is a security engineer at Twitter. Back when he still had time to research, he was the first with a public remote exploit for both the iPhone and the G1 Android phone. He is a four time winner of the CanSecWest Pwn2Own competition. He has authored three information security books and holds a PhD from the University of Notre Dame. Charlie spends his free time trying to get back together with Apple, but sadly they still list their relationship status as "It's complicated".



Return to IOAsis Home