Course

While hardware security is a topic of interest for decades, devices are constantly getting smaller, more powerful and more complicated. Most would assume that this resulted in higher security standards, but from our 100+ penetration tests in the (heavily hardware based) automotive industry, we beg to differ.

With automotive suppliers trying to make everything work under heavily constrained environments, with limited resources both for energy and processing power, understandably many things are getting left out of the table, with one of the biggest victim being security. One of the most common ones, the random number generation, which in most of the cases we managed to prove insecure in a couple of minutes, as we will demonstrate.

In this talk, we will go through some of the biggest misconfigurations related to hardware in the automotive sector, as a result of a 5-year journey and more than 100 penetration tests with some of the biggest OEMs and Tier 1 suppliers. Going through different paths of exploitation, we will demonstrate practically (targeting a real ECU on stage) how easy is to exploit a current generation vehicles, due to lack of proper implementation of a true random generator, how we automated this process to efficiently prove this vulnerability in a couple of minutes even in full vehicles, how manufacturers many times chose to not accept this as a security issue due to the fact that it’s “unfixable” and how one of the smaller manufacturers managed to resolve all those issues from the ground up with 10$ hardware while everyone else struggled.

Course

Presented in Zer0Con 2024, on April 4-5, 2024, in Seoul, South Korea.

Recordings of the talks will not be published, due to the conference terms.