Driving down the rabbit hole

DEF CON 25

Presented by: Oleksandr Bazhaniuk, Jesse Michael, Mickey Shkatov
Date: Saturday July 29, 2017
Time: 12:00 - 12:45
Location: 101 Track

Over the past few years, cars and automotive systems have gained increasing attention as cyber-attack targets. Cars are expensive. Breaking cars can cost a lot. So how can we find vulnerabilities in a car with no budget? We’ll take you with us on a journey from zero car security validation experience through the discovery and disclosure of multiple remotely-exploitable automotive vulnerabilities. Along the way, we’ll visit a wrecking yard, reassemble (most) of a 2015 Nissan Leaf in our lab, discuss how we picked our battles, fought them, and won. During our talk, we’ll examine the details of three different classes of vulnerabilities we found in this vehicle, how they can be exploited, and the potential ramifications to the owner of their real-world exploitation. We’ll also discuss the broader scope of the vulnerabilities discovered, how they extend beyond just this specific vehicle, and what the industry can do better to prevent these types of problems in the future.

Mickey Shkatov

Mickey Shkatov is a security researcher and a member of the McAfee Advanced Threat Research team. His areas of expertise include vulnerability research, hardware and firmware security, and embedded device security @HackingThings

Jesse Michael

Jesse Michael has been working in security for over a decade and is currently a member of the McAfee Advanced Threat Research team who spends his time causing trouble and finding low-level hardware security vulnerabilities in modern computing platforms @jessemichael

Oleksandr Bazhaniuk

Oleksandr Bazhaniuk is a security researcher and reverse engineer with background in automation of binary vulnerability analysis. He is also a co-founder of DCUA, the first DEF CON group in Ukraine. @ABazhaniuk


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats