CAR
HACKING TALK – CDM 350 – 10/15/19 @ 6:00 PM ? 8:30 PM*
– Have you ever wondered how people hack cars and what techniques
they use to discover vulnerabilities? Well, Security Daemons will be
hosting a Car Hacking Event on October 15th, 2019! The event will be hosted
in room 350 of the College of Computing and Digital Media building (CDM), and
will be held from 6:00 PM ? 8:30 PM.
– Neiko Rivera and Ryan Quasney will be our two presenters who have
been car hacking for over a year. Both will be assisted by Austin
Bransky, who also has experience with car hacking. Neiko and Austin have
both attended SAE CyberAuto. They each have their own specialty in the
field which makes this event more special, we?ll be learning multiple
techniques and different avenues to hacking a car! Ryan Quasney
participates in bug bounty programs for car hacking through
Bugcrowd. Neiko also participates in bug bounty programs through
Bugcrowd, as well as HackerOne.
– If you?re interested in learning more about car hacking, how to
get
into the field of car hacking, or bug bounty programs, come by the
event on the 15th! There will be pizza and refreshments provided.
Before going to this event, I didn’t know what to expect. It was called a car hack, but I had never thought you could actually hack cars and do anything useful with that. I always saw the concept in video games like Watchdogs, but didn’t think you could do anything like that (specifically take control of engines), although the implementation of autopilot in cars is making that all the more possible. At the event, they talked about the different ways cars can be hacked. You can clone key fobs to replicate the signal from the original key, and you can also relay the keys signal to the car as the owner walks away. They mostly talked about crypto-graphically hacking cars, which is not widely used because of the complexity and prior work required for it to work. In relation to computer science, this helped me to understand that everything uses computers in some way. I also learned that even when something is outdated or insecure it will still be used. If I were to go to an event like this again, I would want to do some research beforehand so I know more about what is being presented on. As well as take notes on things that aren’t too clear and ask questions about what confuses you.
When I was told about this event to talk about people hacking cars i didn’t now what to except or why someone would hack into a car in the first place or what they could get out of hacking into a car. Things I found interesting about the event was how most car still use 40-bit encryption which is not secure at all and some programs cars used don’t have any at all like the program telnet I think it was called. Then they talked about how most of the software they used is from the early 90’s and how most of the programs they use have been broken since the early 2000’s. Something interesting they showed us was how using a small device they could hack into your car and open and start it. They did this by if your car had a key fob they would first send a two messages to the car and then they would then walk near the fob and sent that message to the fob and with those two messages they could get the secret key the car and fob use to open the car and start it and use can do this in a few minutes and drive off with the car no problem. Another thing I found interesting about going was that if you get into the cars files you can find a persons phone info to if they have connected to the car with Bluetooth can steal some data of the person from the things the car has about the phone and data like where the person has been and driven to and from. They also said how most of this software these car companies use they don’t make it is by another company and they really don’t test the software to make sure it is secure they just go off by what that other company has said it is. I would go to another one of these and maybe see if there are ones that lets you test out the equipment these people use to hack into cars and see it in person and see more in-depth on how this all works.
I didn’t know much about car hacking before this event. I thought that most cars were secure in terms of the difficulty of being unlocked remotely. You often see in movies where hackers can control cars from their laptop, however, I thought it was just fiction. Although, what I learned at the event wasn’t exactly parallel with the movies, it was close enough to be a real shock. One interesting thing I learned was that most infotainment systems use common operating systems, such as Android, QNX, Windows, Ubuntu. These systems often have known vulnerabilities that could be used to give access to unwanted clients. In addition, I found very interesting that they bring in ethical issues as well. In the companies that create the lock chips know that the chips are poor quality and have hardware that’s been cracked for more than 2 decades now. However, companies like Tesla continue to buy these systems because they trust that the 3rd party they’re buying from have proper protection. The talk helped me understand more about computer science by showing that coding languages such as Java, C, C++, and Assembly are used in cracking the cars computer system allowing a hacker to gain access to the car and the lock system. I think the talk was very interesting and I would love to attend another one similar to this, as hacking is a very interesting topic because it brings to question our security and safety in a era where more and more things are being transferred to computers.