Radio Hacking: Cars, Hardware, and more! - Samy Kamkar - AppSec California 2016

Published 2016-03-21
Watch Samy's most recent talk on Browser Manipulation: AppSecCali 2020 Closing Keynote: Brow...

In this talk I'll introduce radio hacking, and take it a few levels into hacking real-world devices like wirelessly controlled gates, garages, and cars. Many vehicles are now controlled from mobile devices over GSM and the web, while even more can be unlocked and ignitions started from wireless keyfobs over RF. All of these are subject to attack with low-cost tools (such as RTL-SDR, GNU Radio, HackRF, Arduino, and even a Mattel toy).

We'll investigate how these features work, and of course, how they can be exploited. I'll be going from start to finish on new tools and vulnerabilities in this area, such as key-space reduction attacks on fixed-codes, advanced "code grabbers" using RF attacks on encrypted and rolling codes, exploiting mobile devices and poor SSL implementations, and how to protect yourself against such issues.

By the end of this talk you’ll understand not only how vehicles and the wirelessly-controlled physical access protecting them can be exploited and secured, but also learn about various tools for hardware, car and RF research, as well as how to use and build your own inexpensive devices for such investigation!

Samy Kamkar
Samy Kamkar is an independent security researcher, best known for creating the MySpace worm, one of the fastest spreading viruses of all time. His open source software and research highlight the insecurities and privacy implications in everyday technologies, from the Evercookie, which produces virtually immutable respawning cookies, to SkyJack, the drone that wirelessly hijacks other drones, and KeySweeper, a wireless keyboard sniffer camouflaged as a USB wall charger. He continues to release new tools and hardware, for example, most recently the ProxyGambit, OpenSesame and ComboBreaker tools.

Managed by the official OWASP Media Project www.owasp.org/index.php/OWASP_Media_Project

All Comments (21)
  • Possibly the best answer for the public acceptance of Def Con, literally laying out the pathway of how vastly distributed insecure systems can be horrifically exploited because security standards weren't even a consideration. The arc from innocent fooling with your garage door to literally stealing any vehicle anywhere so long as you have cased it earlier is just a solid gradient from happy fun to full GTA superthief. Samy Kamkar did a wonderful job, not just as a sploiter, but as a presenter, this is top level Def Con.
  • @3v068
    GM is the perfect example of listen when someone is speaking to you, and have the respect to, at least somewhat, hear it out.
  • @RainDancerVideo
    This is a very interesting talk. It gives even a non-nerd a great insight into how insecure our world has become. "Just because it's invisible, doesn't mean it's safe" is a very eye-opening statement. You have given me a new respect for hackers. Samy is a terrific presenter.
  • @Rorschak129
    Samy, this video is so good man. Never heard such an interesting talk with such technical details and so much knowledge. Memes were on point too. You da man.
  • @Willam_J
    Thanks to Samy, you can’t buy an IM-ME, now, for under $800. Believe me, I’ve been watching for one. My wife and I also go to antique malls, thrift stores, flea markets, etc, and I always look through the toys, hoping to find one of these. I haven’t seen a single one, in six years of looking. Thanks Samy! 😂
  • Loved this presentation and how you displayed the slides too, very informative and kept it laughable and fun.
  • Nice lecture, good overview of fun stuff to play with and the hardware/software starter tools.
  • Oh the days of FSK Modulated Bit Shift Keys were sweet... Could open any Garage Door so easy... Remote gates were easy as well... But my oh my how things have changed... Great Presentation... Thank You
  • @aminabali9575
    I think this is one of the most interesting videos I've ever seen ! Thank you for all the great information and details 👌👏
  • @jamesw6529
    This is a very interesting lecture with a wealth of information. It would have been awesome of you to leave links for everything you are talking about.
  • @cornholiob7074
    One thing I think would be cool to add in the section relating to MITM attacks would be the usage of a deauthentication attack or a re-pair attack as it's known in Bluetooth. This can help capture that wireless handshake as well as cause a device to connect to your false network.
  • @bloguetronica
    A safe way to lock/unlock a car is, instead of using a rolling key, use RSA with timestamp encryption. The car would send a public key to the key fob, and the key fob would respond with an encrypted and salted hash containing the encrypted pass plus the command. That would be encrypted via a timestamp as well, as part of the public key. The private key would be used to decrypt the (command + pass) hash, but would never be sent via radio. Edit: Just saw the final of the video, and you suggest the same. Nice!
  • Had my attention the entire time. That is even more impressive than your brute force 4 second average cracking time.