DEF CON 31 Car Hacking Village - Abusing CAN Bus Spec for DoS in Embedded Systems

DEF CON 31 Car Hacking Village - Abusing CAN Bus Spec for DoS in Embedded Systems - Martin Petran

Рет қаралды 14,035

8 ай бұрын

The CAN bus is a traditional communication standard used (not only) in automotive to allow different components to talk to each other over reliable connection. While one of the primary motivators for CAN bus introduction was to reduce the amount of wiring inside vehicles, it became popular for its robustness, flexibility, and ease of implementation for which it is now used in almost every vehicle.As with any other protocol, it is a well-defined standard that enforces all aspects of the communication from the physical media to the message format and its processing. The formal protocol specifications like this are often seen as the source of the absolute truth when working with various transfer protocols. Such specifications are very strict on the format of the messages that belong to the given protocol and thus it is natural that developers that are familiar with it are often relying upon this information when developing their applications.In this talk, we will look at what happens when the attacker decides not to adhere to the protocol specification and uses the available metadata fields within the well-defined message in their own way. Would libraries provided by the device manufacturers handle this situation or is it left to the developer? And could a wrong assumption about the message format lead to a vulnerability?

Пікірлер: 15

@lollubrick 8 ай бұрын

this dude must have made a blood sacrifice to the demo gods for this to have worked without the demo failing lol 🤣🤣🤣🤣🤣🤣🤣😂😂😂😂😂😂😂😂😂😂😂🤣🤣👍👍👍

@pingu-ts 8 ай бұрын

Interesting talk. Because we tell in our seminars for over 20 years, that you should be careful with DLC > 8 as they are undefined. Some people have used this as a feature to indicate additional things. But then in the implementation you have to be careful, because there are CAN controllers, that may issue error frames, when they see a CAN frame with DLC > 8, some CAN controllers who ignore those frames, and some who forward those frames. Regarding the Q&A at the end: he may didn't read the spec, because the minimum CAN XL frame is 1 byte. This is why the DLC is now from 0 to 2047, which actually means 1 to 2048 bytes.

@tyjohnston5889 8 ай бұрын

Awesome. Very interesting. I started messing around with ESP'S a little bit over a year ago. Definitely an addiction now lol.

@oskar1504 7 ай бұрын

Fact. Used them to control lego trains and some relays for my own smarthome.

@oskar1504 7 ай бұрын

Great talk.

@jdrissel 8 ай бұрын

I had though of using Can Bus jamming as a vehicle immobilizer. It probably would stop the headlight hack too, but you would need some way to turn it off before you unlock the car with your remote...

@kumaclimber 7 ай бұрын

Noted

@bragr_ 7 ай бұрын

You're overcomplicating it. Just ground the can bus lines and there is no network.

@aquahood 8 ай бұрын

WolfSLL can use SSL and TLS over any protocol CAN, Serial, I2C UART JTAG etc...

@TradieTrev 8 ай бұрын

Why would you need the protection consider people have access on the local lan?

@johnnyrocket3002 5 ай бұрын

All roads lead back to the sacred mother of connectivity bois, brush up on that CCNP and learn you network protocols. The future belongs to those than know how to encrypt data tunnels and verify data integrity. Happy hunting!

@bearwolffish 8 күн бұрын

When people ask what language to learn I always think the protocol, once understand the mechanics you can implement in any language.