Candy Cream Exploy
Demo - haCking infotAiNment AnDroid sYstems to Command - a cura di ILARIA MATTEUCCI e GIANPIERO COSTANTINO - instRument clustEr via cAn data fraMe
- https://www.modenasmartlife.it/edizioni-precedenti/2019/programma-2019/eventi/27-settembre-2019/candy-cream-exploy
- Candy Cream Exploy
- 2019-09-27T14:30:00+02:00
- 2019-09-27T23:59:59+02:00
- Demo - haCking infotAiNment AnDroid sYstems to Command - a cura di ILARIA MATTEUCCI e GIANPIERO COSTANTINO - instRument clustEr via cAn data fraMe
- FRONTIERA TECNOLOGICA
- Quando il 27/09/2019 dalle 14:30 (Europe/Rome / UTC200)
- Dove Fondazione San Carlo - Chiesa
-
Aggiungi evento al calendario
iCal
Modern vehicles functionalities are regulated by Electronic Control Units (ECU), from a few tens to a hundred, commonly interconnected through the Controller Area Network (CAN) communication protocol. CAN is not secure-by-design: authentication, integrity and confidentiality are not considered in the design and implementation of the protocol. This represents one of the main vulnerability of modern vehicle: getting the access (physical or remote) to CAN communication allows a possible malicious entity to inject unauthorised messages on the CAN bus. These messages may lead to unexpected and possible very dangerous behaviours of the target vehicle. In this conference, we present CANDY CREAM, an attack made of two parts: CANDY aims at exploiting a misconfiguration of an infotainment system based on Android OS connected to the vehicle’s CAN bus network, and CREAM, a post-exploitation script that injects customized CAN frame to alter the behaviour of the vehicle.
LINK: -sito del gruppo: https://sowhat.iit.cnr.it -video dell’attacco: https://youtu.be/Hs73o8RxnNE
LINK: -sito del gruppo: https://sowhat.iit.cnr.it -video dell’attacco: https://youtu.be/Hs73o8RxnNE
Saluti di Luca Chiantore Settore Città Intelligente e Progetti telematici Comune di Modena