Видео Подборка видео по поиску и эксплуатации уязвимостей в автомобильных системах

[fatmommy]

Надеюсь правильный раздел. Взял с t . me/cybred.

Самая большая подборка видео, посвященных поиску и эксплуатации уязвимостей в современных автомобильных системах. В системах бесключевого доступа (когда ты с помощью брелка можешь открыть двери, багажник или запустить двигатель), мультимедийных системах и сигнализациях. Некоторые из них могут помочь реализовать слежку за владельцем машины, угнать его автомобиль или устроить аварию.

— Bluetooth Low Energy Link Layer Relay Attack on a Tesla
(

)
— CANSECWEST 2021: Tbone Drone vs Tesla
(

)
— I Hacked Into My Own Car
(

)
— COSIC researchers hack Tesla Model X key fob
(

)
— Analysis and Defense of Automotive Networks
(

)
— Phantom of the ADAS: Phantom Attacks on Driving Assistance Systems
(

)
— Fast, Furious and Insecure: Passive Keyless Entry and Start Systems in Modern Supercars
(

)
— Thieves caught using keyless hack to steal £90,000 Tesla in 30 seconds
(

)
— What REALLY happens when you sync your phone in a car
(

)
— Exploiting fitted car alarms that have insecure apps
(

)
— Car Infotainment Hacking Methodology, Attack Surfaces
(https://www.youtube.com/watch?v=F0mYkI2FJ_4)
— Def Con 26 Car Hacking Village - CANT Tool
(https://youtu.be/TRn_Rz2JIYQ)
— vRS Rolling Code bypass preview
(https://youtu.be/ZMQrEv_fMh8)
— Tesla Model X Hack
(https://www.youtube.com/watch?v=1e3dsJExIYk)
— Elon Musk's view on Automotive Cyber-security
(https://youtu.be/2C-A797y8dA?t=3587)
— Tesla CAN bus data logging
(https://www.youtube.com/watch?v=54jQ7ut3FBA)
— How to steal a Tesla? (Uses fake WiFi hotspot and apps.)
(https://www.youtube.com/watch?v=5jQAX4540hA)
— Canspy: A Platform for Auditing Can Devices
(https://www.youtube.com/watch?v=1hPRcdwQioc)
— Andy Davis & David Claire - Vehicle cyber security and innovative assessment techniques
(https://www.youtube.com/watch?v=PLNyIHBSTXE)
— Ken Munro & Dave Lodge - Hacking the Mitsubishi Outlander & IOT
(https://www.youtube.com/watch?v=YLBQdO6a5IQ)
— Car Hacking Research: Remote Attack Tesla Motors by Keen Security Lab
(https://www.youtube.com/watch?v=c1XyhReNcHY)
— DEF CON 24 - Jianhao Liu, Chen Yan, Wenyuan Xu - Can You Trust Autonomous Vehicles?
(https://www.youtube.com/watch?v=orWqKWvIW_0)
— CAN Denial-of-Service Attack Demo on the Giulietta
(https://www.youtube.com/watch?v=PmcqCbRMCCk)
— CANtact: An Open Tool for Automotive Exploitation
(https://www.youtube.com/watch?v=77PXh8mqH98)
— State Of Automotive Cyber Safety - IATC - Joshua Corman
(https://www.youtube.com/watch?v=WcObDVy2-1I)
— Hacking a Car with an Ex-NSA Hacker: CYBERWAR
(https://www.youtube.com/watch?v=MeXfCNwMG64)
— Car Hacking Research: Remote Attack Tesla Motors by Keen Security Lab
(https://www.youtube.com/watch?v=c1XyhReNcHY)
— Hacking the Mitsubishi Outlander PHEV SUV
(https://www.youtube.com/watch?v=NSioTiaX_-Q)
— The Current State of Automotive Security
(https://www.youtube.com/watch?v=wPKyAvc8kUY)
— High-tech car theft: How to hack a car (CBC Marketplace)
(https://www.youtube.com/watch?v=ARrlhlQiFzM)
— SAE Cyber Auto Challenge Webinar
(http://video.sae.org/12127/)— README 1st - Open Garages
(https://www.youtube.com/watch?v=tKjMreFHTd4)
— DEF CON 23 - Vehicle Hacking Village - Josh Corman - Safer Sooner Automotive Cyber Safety
(https://www.youtube.com/watch?v=IO-MrkyHPpI)
— DEF CON 23 - Samy Kamkar - Drive it like you Hacked it: New Attacks and Tools to Wireless
(https://www.youtube.com/watch?v=UNgvShN4USU)
— DEF CON 23 - Marc Rogers and Kevin Mahaffey - How to Hack a Tesla Model S
(https://www.youtube.com/watch?v=KX_0c9R4Fng)
— DEF CON 23 - Vehicle Hacking Village - Eric Evenchick - SocketCAN
(https://www.youtube.com/watch?v=Ym8xFGO0llY)
— DEF CON 23 - Charlie Miller & Chris Valasek - Remote Exploitation of an Unaltered Passenger Vehicle
(https://www.youtube.com/watch?v=OobLb1McxnI)
— Ford Focus ECU fuzzing at DEFCON 23 Car Hacking Village
(https://www.youtube.com/watch?v=KjcectnX19Y)
— IATC - State of Automotive Cyber Safety - Josh Corman
(https://www.youtube.com/watch?v=g-a20ORka-A)
— OwnStar - hacking cars with OnStar to locate, unlock and remote start vehicles
(https://www.youtube.com/watch?v=3olXUbS-prU)
— Glitch allows hackers to control your car
(http://edition.cnn.com/videos/tech/2015/07/22/car-hacking-marsh-pkg-tsr.cnn)
— Hackers Remotely Kill a Jeep on the Highway
—With Me in It
(https://youtu.be/MK0SrxBC1xs)
— Hopping on the CAN Bus introduces CANard by Eric Evenchick at Black Hat Asia 2015
(https://www.youtube.com/watch?v=U1yecKUmnFo)
— Car Hacking by UCSD
(http://www.pbslearningmedia.org/resource/nvsn6.sci.tech.carhack/car-hacking/)
— DEF CON 22 - Charlie Miller & Chris Valasek - A Survey of Remote Automotive Attack Surfaces
(https://www.youtube.com/watch?v=tnYO4U0h_wY)
— Car Automation with your Android Phone: OBDLink LX
(https://www.youtube.com/watch?v=Q5p2LZAIZnI)
— 2014 Connected Car Expo: Automotive Cybersecurity: A frank discussion.
(https://www.youtube.com/watch?v=SFZApnWyzjw)
— Another Korean car hacking demo.
(https://www.youtube.com/watch?v=qt1xrRL9ULc)
— Black Hat USA 2014 - Embedded: A Survey of Remote Automotive Attack Surfaces
(https://www.youtube.com/watch?v=mNhFGJVq2HE)
— Your car is a giant computer - and it can be hacked
(http://money.cnn.com/2014/06/01/technology/security/car-hack/index.html)
— How to Hack a Car: Phreaked Out
(https://www.youtube.com/watch?v=3jstaBeXgAs)
— Vehicle Forensics - The Data Beyond the Dashboard
(https://www.youtube.com/watch?v=QjzxGsOm0Vo)
— Mazda RX8 CAN bus control demo of the instrument cluster
(https://www.youtube.com/watch?v=yoiKiuqtafQ)
— DEF CON 21 - Charlie Miller and Chris Valasek - Adventures in Automotive Networks and Control Units
(https://www.youtube.com/watch?v=n70hIu9lcYo)
— Ford wants you to join it in hacking car software and hardware
(https://venturebeat.com/2013/11/06/...t-in-hacking-car-software-and-hardware-video/)
— Two experts demonstrate carjacking gone digital
(http://www.today.com/video/two-experts-demonstrate-carjacking-gone-digital-39068227761)
— Automotive Consortium for Embedded Security
(https://www.youtube.com/watch?v=N61OL14cvOw)
— Digital Carjackers Show Off New Attacks
(https://youtu.be/oqe6S6m73Zw)
— Decoding CAN bus frames on a Toyota internal bus with SocketCAN and Linux
(https://www.youtube.com/watch?v=KHRPmjwXF1U)
— Luxury car theft
(https://youtu.be/HuLKormzWE4)
— Malicious App to Control a Car (Korean)
(http://news.sbs.co.kr/news/endPage.do?news_id=N1001370933)
— DARPA PM Kathleen Fisher, High Assurance Systems
(https://www.youtube.com/watch?v=3D6jxBDy8k8)
— iDriver - iPhone remote controlled car (https://www.youtube.com/watch?v=oHDwKT564Kk)

 

[Dread Pirate Roberts]

— Your car is a giant computer - and it can be hacked

this.
в автомобильных системах всё очень плохо. по крайней мере у моей ласточки
я недавно узнал, что у неё бортовой компьютер работает на линуксе, потом немного погуглил, и оказалось, что там вообще всё по классике эмбеддед устройств: захардкоденный логин-пароль + торчащий голой дупой в сеть сервер SSH, автоматически запускающийся на всех сетевых интерфейсах. если подключиться машиной к смартфону по WiFi или Bluetooth, то можно подключиться со смартфона к машине по SSH
это не говоря уже о контактах UART, удобно выведенных в бардачок, и что любое устройство, воткнутое в USB порт, предназначенный для флешки с музыкой, автоматически включается этим встроенным линуксом (при наличии драйверов на это устройство в древнем ядре 3.х, конечно же) то есть никакого whitelist-а только на устройства типа "USB storage" нет и в помине, можно спокойно пихать всякие сетевые адаптеры и USB Rubber Ducky.