Car Hacking: Witness Theory to Scary and Recover From Scare presented at SyScan360 2015

by Myles Kitchen, Jianhao Liu,

Summary : The 105M USD penalty on FCA expedites the car hacking chaos. We are now witnessing the transition from theory to scary, thanks for Chris and other researchers' hacking work. More researchers are getting involved into car hacking practices. Meanwhile, car makers are actively looking for vehicle security solutions or re-evaluating their connected-car architectures.
However, there are very few anti-hacking solutions so far. The existing hardwares proposed by researchers are not mature enough for the total protection solutions. How to recover from the hacking scary?
In the talk, Firstly, the authors will share the research works of vehicle attacking vectors based on the hands-on Tesla and BYD experiences. Approaches and toolkits will be explained to the audience. For example, how to reverse engineering the communication protocols to find the vulnerabilities, how to leverage the auto app weakness to remotely control cars. The latest research finding will also be showcased.
How to protect cars from hacking will be covered in the second part of the talk. There will be three demo scenarios under which the protection will be applied on. That is, 1) remotely hacking an OBD dongle; 2) misuse the car-controlling functions of smart car key apps and 3) remotely attack cars via telematic systems. The last but not the least, a total vehicle cyber security protection framework will be introduced to wrap up the talk.