1
CONNECTED CAR HACK UNDER THE HOOD OF A new security vulnerabilites all drivers should be aware of. Today’s modern vehicles can contain over 100 processors, many of which control critical systems within the vehicle. Essentially a computer on wheels, the connected car presents MULTIPLE POINTS OF VULNERABILTY PRIMARY ATTACK POINTS CAR GETS HACKED devices which monitor speed, braking, and location. Located underneath the dashboard, the OBD2 port is a physical connection that is highly vulnerable. This diagnostic port is used to connect third-party OBD2 Port that expose vehicle data or functionality. Interfacing with vehicle systems are applications running on the driver’s personal mobile device. These applications may contain binary libraries MOBILE APPLICATIONS Infotainment Engine Locks Brakes System Airbags OBD2 Port EXTRACT BINARY CODE FROM DEVICE REVERSE-ENGINEER SOFTWARE TAMPER WITH BINARY CODE REDEPLOY MALICIOUS SOFTWARE High Threat Moderate Threat Low Threat Mobile Applications 1 2 3 4 easily hacked if not protected. Typically the primary communication interface of a connected car, the infotainment system hosts high-value and sensitive applications that are INFOTAINMENT SYSTEM 1 & 2 3 4 KEEP SOFTWARE UPDATED: DON’T JAILBREAK YOUR CAR OR DEVICE: CHECK OUTLETS PERIODICALLY: ASK MANUFACTURER IF APPS ARE HARDENED: TO PREVENT IT WHAT YOU CAN DO HOW A CONNECTED HACKABILITY Check with your manufacturer and service provider to make sure you always have the In addition to making your car less secure, it may also void warranties. what you choose to plug in. Make sure you know what is plugged into any USB or OBD2 ports on your vehicle. Carefully consider latest version installed. to download. Verify that all mobile and pre-installed apps are hardened, in addition to any third-party apps you choose VEHICLE TO VEHICLE VEHICLE TO VEHICLE TO DEVICE NFC 802.11p 802.11p INFRASTRUCTURE What’s 802.11p? A new wireless standard that enables ITS or Intelligent Transportation Systems. Did you know? By 2020, it’s expected that 75% of cars shipped globally will have internet connectivity. Reverse-engineering tools (i.e. IDA pro) are fast, low in cost and easy-to-use.

Infographic under the hood of a connected car hack

Embed Size (px)

Citation preview

Page 1: Infographic under the hood of a connected car hack

CONNECTED CAR

HACKUNDER THE HOOD OF A

new security vulnerabilites all drivers should be aware of.

Today’s modern vehicles can contain over 100 processors, many of which control critical systems within the vehicle.

Essentially a computer on wheels, the connected car presents

MULTIPLE POINTS OF VULNERABILTY

PRIMARY ATTACK POINTS

CAR GETS HACKED

devices which monitor speed, braking, and location.

Located underneath the dashboard, the OBD2 portis a physical connection that is highly vulnerable.This diagnostic port is used to connect third-party

OBD2 Port

that expose vehicle data or functionality.

Interfacing with vehicle systems are applicationsrunning on the driver’s personal mobile device.These applications may contain binary libraries

MOBILE APPLICATIONS

Infotainment

Engine

Locks

Brakes

System

Airbags

OBD2 Port

EXTRACT BINARY CODEFROM DEVICE

REVERSE-ENGINEERSOFTWARE

TAMPER WITHBINARY CODE

REDEPLOYMALICIOUS SOFTWARE

High ThreatModerate ThreatLow Threat

MobileApplications

1

2

3

4

easily hacked if not protected.

Typically the primary communication interface of a connected car, the infotainment system hostshigh-value and sensitive applications that are

INFOTAINMENT SYSTEM

1

&

2

3

4

KEEP SOFTWAREUPDATED:

DON’T JAILBREAKYOUR CAR OR DEVICE:

CHECK OUTLETSPERIODICALLY:

ASK MANUFACTURERIF APPS ARE HARDENED:

TO PREVENT ITWHAT YOU CAN DOHOW A CONNECTED

HACKABILITY

Check with your manufacturerand service provider to make

sure you always have the

In addition to making your carless secure, it may also void

warranties.

what you choose to plug in.

Make sure you know what isplugged into any USB or OBD2 portson your vehicle. Carefully consider

latest version installed.

to download.

Verify that all mobile and pre-installedapps are hardened, in addition toany third-party apps you choose

VEHICLE TO VEHICLE VEHICLE TOVEHICLE TO DEVICE

NFC

802.11p802.11p

INFRASTRUCTURE

What’s 802.11p?A new wireless standard thatenables ITS or IntelligentTransportation Systems.

Did you know?By 2020, it’s expected that75% of cars shipped globallywill have internet connectivity.

Reverse-engineeringtools (i.e. IDA pro) are fast, low in cost and easy-to-use.

Ethical Hack

Ethical Hack

Documents
How to Hack a twitter account - Twitter Hack

How to Hack a twitter account - Twitter Hack

Internet
Hack Hardware

Hack Hardware

Documents
Media Hack Day 2014 — News Sightseeing Hack

Media Hack Day 2014 — News Sightseeing Hack

Technology
Quick Step Broken AMN Hack Wlan Hack Website Hack Admin Index

Quick Step Broken AMN Hack Wlan Hack Website Hack Admin Index

Documents
Catchall infographic hack

Catchall infographic hack

Design
LAZARUS UNDER THE HOOD - Threatpost · Sony Pictures Entertainment hack and a strong similarity in the malware tools. Sometime later, ... The only case where malware targeting the

LAZARUS UNDER THE HOOD - Threatpost · Sony Pictures Entertainment hack and a strong similarity in the malware tools. Sometime later, ... The only case where malware targeting the

Documents
Hack & Tell

Hack & Tell

Technology
Winning Hack - Rewind, relive your festival \ AnalogFolk Hack Festival

Winning Hack - Rewind, relive your festival \ AnalogFolk Hack Festival

Technology
How attackers hack atm & withdraw cash from an atm using a phone - Infographic

How attackers hack atm & withdraw cash from an atm using a phone - Infographic

Technology
Small Business Handbook - Hack the Hood · Dear Small Business Owner, Welcome. We are proud to have you join the Small Business Program of Hack The Hood, a unique ... Weebly Work

Small Business Handbook - Hack the Hood · Dear Small Business Owner, Welcome. We are proud to have you join the Small Business Program of Hack The Hood, a unique ... Weebly Work

Documents
Easy Way to Hack the Admin Joomla SQL Injection Hack How to Hack Php Mysql Website

Easy Way to Hack the Admin Joomla SQL Injection Hack How to Hack Php Mysql Website

Documents
Hack the hack

Hack the hack

Software
Hack Biometric

Hack Biometric

Education
Hack the hood engage local

Hack the hood engage local

Education
Minecraft Hack

Minecraft Hack

Internet
Hack the hack vivatech

Hack the hack vivatech

Technology
Hack Day Tweet about Hack Day today! _technovation_

Hack Day Tweet about Hack Day today! _technovation_

Documents
Google Hack

Google Hack

Technology
hack gmail

hack gmail

Documents
hood shields Chrome hood Shield

hood shields Chrome hood Shield

Documents
Got Citrix? Hack IT!Got Citrix? Hack IT!

Got Citrix? Hack IT!Got Citrix? Hack IT!

Documents
Opening Talk, Why We Hack \ AnalogFolk Hack Festival

Opening Talk, Why We Hack \ AnalogFolk Hack Festival

Technology
What the hack - Yahoo! Hack India Hyderabad 2013

What the hack - Yahoo! Hack India Hyderabad 2013

Technology
Hack facebook

Hack facebook

Documents
AnalogFolk Hack Festival - Opening Talk, Why we hack

AnalogFolk Hack Festival - Opening Talk, Why we hack

Technology
Got Citrix? Hack IT!Got Citrix? Hack IT! · Got Citrix? Hack IT!Got Citrix? Hack IT! Shanit Gupta August 7th, 2008

Got Citrix? Hack IT!Got Citrix? Hack IT! · Got Citrix? Hack IT!Got Citrix? Hack IT! Shanit Gupta August 7th, 2008

Documents
hack wifi.doc

hack wifi.doc

Documents
Hack the Hood one of four Google Bay Area Impact Challenge winners

Hack the Hood one of four Google Bay Area Impact Challenge winners

Documents
Fictive Hack of Old School Hack

Fictive Hack of Old School Hack

Documents