Quantcast

Articles

Get all-in-one coverage of Internet security and online privacy issues brought up by the industry’s leading experts at security conferences and seminars.

Remote Exploitation of an Unaltered Passenger Vehicle 6: Exploit Chain

The researchers continue looking into the vehicle attack workflow and examine cyber physical internals as well as the checksums to be able to control the Jeep. Chris Valasek: Let’s go through, very simply, how this works. You get on a cell network. You have your cell phone, you have your laptop, you have...

Remote Exploitation of an Unaltered Passenger Vehicle 5: Sending CAN Messages

Charlie and Chris venture to reach a new level of vehicle compromise by exploiting the V850 microcontroller’s firmware to remotely issue arbitrary commands. Charlie Miller: So far in this story, we could only play with your radio. It’s kind of cool, but not super-cool. Chris Valasek: What we had to do...

Remote Exploitation of an Unaltered Passenger Vehicle 4: Attacks Over Cellular Network

Having described a proof of concept regarding vehicle attacks over Wi-Fi, Charlie Miller and Chris Valasek move on to the cellular exploitation scenario. Charlie Miller: So, well, let’s see if we can do this over the cellular network, because then not only can you get from far away, but everyone will be...

Remote Exploitation of an Unaltered Passenger Vehicle 3: Uconnect Payloads

Charlie and Chris demonstrate what can be remotely done to a modern vehicle’s HVAC and infotainment system through deploying payloads on the head unit. Charlie Miller: So, we used a protocol called Dfeet, which we’ll show you in a second. What it looks like is it’s a cool GUI. And then, when we wrote...

Remote Exploitation of an Unaltered Passenger Vehicle 2: Connecting to the WPA2 Network

The researchers touch upon jailbreaking the Uconnect and shift the focus to attacking the Jeep’s head unit over Wi-Fi, in particular the hurdles along the way. Chris Valasek: Real quick – jailbreak (see right-hand image). Charlie gave you a teaser last year during the talk. It was a great way for us to...

Remote Exploitation of an Unaltered Passenger Vehicle

Twitter’s Charlie Miller and IOActive’s Chris Valasek present their research on the buzz topic of remotely hacking into the controls of the modern vehicles. Chris Valasek: I don’t know if we need introductions anymore. I’m Chris Valasek, Director of Vehicle Security Research at IOActive, and next to...

I will kill you 4: Creating the Shelf baby

Chris Rock focuses on virtual birthing here, describing a way to create a nonexistent baby, which is a new identity that can be used to one’s advantage. Okay, I’ve been given the wrap-up, so I’m going to go through this quickly. Now that we’ve killed somebody, what about birthing? It’s nearly the...

I will kill you 3: Workflow of a virtual kill

Becoming a funeral director, registering a fake death online and then getting access to someone’s funds are perfectly feasible tasks, Chris Rock argues. Instead of doing the fraudulent case of a funeral director, I actually thought it would be fun to find out how to become a funeral director myself (see...

I will kill you. Part 2: Accessing EDRS

After the introduction, Chris Rock demonstrates how easy it is for a hacker to access and manipulate the Electronic Death Registration System. How does a doctor get access to EDRS, or how does a hacker get access to EDRS? Here is a form that the doctor will fill out (see right-hand image), with the obvious...

Chris Rock – I will kill you

In the course of his DefCon 23 presentation, Australian security expert Chris Rock demonstrates how fake death or birth records can be created these days. DefCon host: When I was going through the schedule trying to see what speakers we’re going to be watching, I saw this description and said “Oh yeah, I...