Aaron Weaver - OWASP Foundation
Aaron Weaver
Principal Security Analyst, Pearson eCollege
OWASP Philadelphia Chapter Leader
R-Link
“The car is becoming a new platform,” said Mr. Hoffstetter. He said the seven-inch device can be controlled by voice recognition or by buttons on the steering wheel. “We need help now,” he said. “We need developers to work on apps.”
– Patrick Hoffstetter, Renault’s Chief Digital Officer
100 MB of binary code spread across 50–70 independent computers
CAN Bus
Ethernet for Cars
CAN bus diagram (figure from the slide): nodes shown on the bus are ABS, Seat Position, Engine Control, Transmission, Suspension, Outside Mirror, Air Conditioner, Instrument Panel and Battery.
OBD-II
• On-Board Diagnostics
“Most of the information in this field is proprietary and you are sworn by the car companies to not disclose it.”
– Automotive Industry Professional
CAN Security Challenges
• Broadcast Nature
• Fragility to DoS
• No Authenticator Fields
• Weak Access Control
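The four challenges on this slide share one practical consequence for anyone trying to monitor a CAN bus: a frame carries an arbitration ID and a payload, but no sender identity and no authenticator, so a receiver cannot check who sent it and a monitor has to lean on traffic shape instead. The following is an added example, not code from the talk: a small Python parser for candump-style log lines with a per-ID rate check that compares a monitored capture against a clean baseline. The helper names, the arbitration IDs 0x123, 0x244 and 0x5A1, and all timings are constructed for illustration.

```python
# Added example for this section (not code from the talk): a minimal parser for
# candump-style CAN log lines plus a rate-based anomaly check. A classic CAN frame
# has an arbitration ID and up to 8 data bytes, with no source address and no MAC,
# so per-ID timing is one of the few signals a bus monitor can use.
# All log lines below are constructed; the IDs and periods are made up.
import statistics
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class CanFrame:
    timestamp: float   # seconds, as written by the capture tool
    interface: str     # e.g. "can0"
    arb_id: int        # arbitration ID; there is no source-address field
    data: bytes        # 0-8 payload bytes; there is no authenticator field


def parse_candump_line(line: str) -> CanFrame:
    """Parse one 'candump -L' style line such as '(1.234567) can0 123#DEADBEEF'."""
    ts_field, iface, payload = line.split()
    arb_hex, sep, data_hex = payload.partition("#")
    if sep != "#" or len(data_hex) % 2 or len(data_hex) > 16:
        raise ValueError(f"malformed CAN payload: {payload!r}")
    return CanFrame(float(ts_field.strip("()")), iface, int(arb_hex, 16), bytes.fromhex(data_hex))


def learn_periods(frames: List[CanFrame]) -> Dict[int, float]:
    """Median inter-arrival time per arbitration ID, learned from a clean baseline capture."""
    stamps: Dict[int, List[float]] = defaultdict(list)
    for f in sorted(frames, key=lambda f: f.timestamp):
        stamps[f.arb_id].append(f.timestamp)
    return {
        arb_id: statistics.median(b - a for a, b in zip(ts, ts[1:]))
        for arb_id, ts in stamps.items()
        if len(ts) >= 2
    }


def detect_rate_anomalies(frames: List[CanFrame], periods: Dict[int, float],
                          window: float = 1.0, factor: float = 2.0) -> List[Tuple[int, int, int, str]]:
    """Return (arb_id, window_index, count, reason) for IDs that are unknown or far above their learned rate."""
    counts: Dict[Tuple[int, int], int] = defaultdict(int)
    for f in frames:
        counts[(f.arb_id, int(f.timestamp // window))] += 1
    alerts: List[Tuple[int, int, int, str]] = []
    for (arb_id, w), n in sorted(counts.items()):
        period = periods.get(arb_id)
        if period is None:
            alerts.append((arb_id, w, n, "arbitration ID not seen in baseline"))
            continue
        expected = window / period if period > 0 else float("inf")
        if n > factor * expected:
            alerts.append((arb_id, w, n, f"{n} frames in {window:g}s, baseline ~{expected:.0f}"))
    return alerts


def make_log(start: float, arb_id: int, period: float, count: int, data_hex: str) -> List[str]:
    """Constructed candump-style lines for one periodic sender (test data, not a real capture)."""
    return [f"({start + i * period:.6f}) can0 {arb_id:03X}#{data_hex}" for i in range(count)]


# Constructed baseline: 0x123 every 100 ms, 0x244 every 500 ms, two seconds of traffic.
BASELINE_LINES = make_log(0.0, 0x123, 0.1, 20, "0000") + make_log(0.0, 0x244, 0.5, 4, "FF")
# Constructed monitored capture: the same traffic plus a 30-frame burst on 0x123 at
# 5 ms spacing and a single frame on an ID that never appeared in the baseline.
MONITORED_LINES = (BASELINE_LINES
                   + make_log(1.5, 0x123, 0.005, 30, "FFFF")
                   + make_log(0.3, 0x5A1, 1.0, 1, "01"))


def run_check() -> List[Tuple[int, int, int, str]]:
    periods = learn_periods([parse_candump_line(l) for l in BASELINE_LINES])
    return detect_rate_anomalies([parse_candump_line(l) for l in MONITORED_LINES], periods)


if __name__ == "__main__":
    for arb_id, w, n, reason in run_check():
        print(f"ALERT id=0x{arb_id:03X} window={w} count={n}: {reason}")
```

The check is deliberately coarse: a fixed one-second window and a 2x threshold. On a real vehicle the baseline would be learned per model and per driving state, and a burst that doubles an ID's rate is only one of the shapes worth flagging; the point is that without an authenticator field, timing and ID inventory are what a bus monitor has to work with.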
Android Torque
Programming Header
Arduino + CAN Bus
WHAT’S POSSIBLE?
Firewall for my car?
Tire Pressure Monitoring System [TPMS]
What is it?
http://transition.fcc.gov/oet/ea/fccid/
[Automotive Persistent Threat]
“This progression mirrors the evolution of desktop computer compromises: from individual attacks, to mass exploitation via worms and viruses, to third-party markets selling compromised hosts as a service.”
Source: Comprehensive Experimental Analyses of Automotive Attack Surfaces
Guy Disables More Than 100 Cars Remotely
“…CAN bus security was very much on my mind.”
– Automotive Industry Professional
Ford’s Security
• A successful attack should require physical access to the internals of the module
• A successful attack of one device should not be transferable to immediately hack all devices
• A general perimeter security architecture including hardware should be used to protect the most sensitive components
• External non-hardwired or user accessible interfaces should be hardened as much as possible with multiple levels of protection
Source: Michael Westra, Sync Lead Ford
Ford’s Security
• Protect the vehicle interface at all cost
• …or to the same level as physical interfaces for serviceability currently mandated by law
• Anyone’s failure gives everyone a black eye
Source: Michael Westra, Sync Lead Ford
BMW AppCenter
Jam the laser?
References
• http://autosec.org
• Experimental Security Analysis of a Modern Automobile
• Comprehensive Experimental Analyses of Automotive Attack Surfaces