Quantcast

Articles

Get all-in-one coverage of Internet security and online privacy issues brought up by the industry’s leading experts at security conferences and seminars.

Zoz – And That’s How I Lost My Other Eye… Explorations in Data Destruction

This DEF CON 23 presentation by Dr. Andrew ‘Zoz’ Brooks turned out a blast, so read about the ways to destroy data on hard disks, and don’t try this at home. Hello DEF CON! I’m actually going to break with tradition this time and start one minute early, because I have so much shit to show...

Remote Exploitation of an Unaltered Passenger Vehicle 7: Cyber Physical Action

This is the final part of Black Hat USA presentation by Charlie Miller and Chris Valasek, where they show a few demos of what can be done to a car remotely. Charlie Miller: We figured out eventually how to do that. Chris Valasek: These are the Lua scripts that we would use to actually send CAN messages on...

Remote Exploitation of an Unaltered Passenger Vehicle 6: Exploit Chain

The researchers continue looking into the vehicle attack workflow and examine cyber physical internals as well as the checksums to be able to control the Jeep. Chris Valasek: Let’s go through, very simply, how this works. You get on a cell network. You have your cell phone, you have your laptop, you have...

Remote Exploitation of an Unaltered Passenger Vehicle 5: Sending CAN Messages

Charlie and Chris venture to reach a new level of vehicle compromise by exploiting the V850 microcontroller’s firmware to remotely issue arbitrary commands. Charlie Miller: So far in this story, we could only play with your radio. It’s kind of cool, but not super-cool. Chris Valasek: What we had to do...

Remote Exploitation of an Unaltered Passenger Vehicle 4: Attacks Over Cellular Network

Having described a proof of concept regarding vehicle attacks over Wi-Fi, Charlie Miller and Chris Valasek move on to the cellular exploitation scenario. Charlie Miller: So, well, let’s see if we can do this over the cellular network, because then not only can you get from far away, but everyone will be...

Remote Exploitation of an Unaltered Passenger Vehicle 3: Uconnect Payloads

Charlie and Chris demonstrate what can be remotely done to a modern vehicle’s HVAC and infotainment system through deploying payloads on the head unit. Charlie Miller: So, we used a protocol called Dfeet, which we’ll show you in a second. What it looks like is it’s a cool GUI. And then, when we wrote...

Remote Exploitation of an Unaltered Passenger Vehicle 2: Connecting to the WPA2 Network

The researchers touch upon jailbreaking the Uconnect and shift the focus to attacking the Jeep’s head unit over Wi-Fi, in particular the hurdles along the way. Chris Valasek: Real quick – jailbreak (see right-hand image). Charlie gave you a teaser last year during the talk. It was a great way for us to...

Remote Exploitation of an Unaltered Passenger Vehicle

Twitter’s Charlie Miller and IOActive’s Chris Valasek present their research on the buzz topic of remotely hacking into the controls of the modern vehicles. Chris Valasek: I don’t know if we need introductions anymore. I’m Chris Valasek, Director of Vehicle Security Research at IOActive, and next to...

I will kill you 4: Creating the Shelf baby

Chris Rock focuses on virtual birthing here, describing a way to create a nonexistent baby, which is a new identity that can be used to one’s advantage. Okay, I’ve been given the wrap-up, so I’m going to go through this quickly. Now that we’ve killed somebody, what about birthing? It’s nearly the...

I will kill you 3: Workflow of a virtual kill

Becoming a funeral director, registering a fake death online and then getting access to someone’s funds are perfectly feasible tasks, Chris Rock argues. Instead of doing the fraudulent case of a funeral director, I actually thought it would be fun to find out how to become a funeral director myself (see...