
Security Vulnerabilities in Vehicle Systems

Mar 15, 2025

Drive It Like You Hacked It - Lecture Summary

Introduction

  • Speaker: Samy
  • Topics: Vehicles, radio hardware, web security
  • Inspired by the movie "Gone in 60 Seconds" starring Nicolas Cage

Garage Door Security

Learning Radio Frequencies

  • Devices transmitting radio frequencies must have an FCC ID in the US.
  • FCC website is cumbersome, but tools like fcc.io make accessing information easier.
  • Garage door openers typically have a fixed transmission frequency (e.g., 390 MHz).
  • Tools like HackRF and RTL-SDR help in analyzing and interacting with radio signals.

Tools for Analysis

  • HackRF: Open-source, capable of receiving and transmitting from 1 MHz to 6 GHz.
  • RTL-SDR: Inexpensive ($20), for analyzing radio spectrum.
  • GQRX: Visualize radio spectrum, see signals as they happen.

Modulation Types

  • ASK (Amplitude Shift Keying): Signal is on or off, similar to AM radio.
  • FSK (Frequency Shift Keying): Uses frequency modulation, similar to FM radio.

Brute Forcing Garage Codes

  • Simplifying the transmission with De Bruijn sequences can reduce brute-force time to 8 seconds.
  • Tools like the YARD Stick One and a repurposed Mattel IM-ME toy can transmit signals.

Vehicle Security

OnStar and Other Apps

  • OnStar app vulnerabilities: The app did not validate SSL certificates, which led to exposure of credentials.
  • SSL man-in-the-middle attacks can exploit these vulnerabilities.
  • Importance of certificate pinning and secure password handling.

Rolling Codes

  • Rolling codes prevent replay attacks by changing password-like codes after each use.
  • Jamming and replay attacks can potentially bypass rolling codes by manipulating the order of codes used.
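
A minimal model of a rolling-code receiver, added here as an illustration and not taken from the lecture or any vendor's implementation. It assumes an HMAC over a press counter in place of the real cipher, a look-ahead window of 16 and a constructed key; it shows that a used code is rejected on replay, while a code the receiver never heard stays valid until a later one is accepted.

```python
import hashlib
import hmac

WINDOW = 16  # assumed look-ahead: how many missed presses the receiver tolerates


def code_for(key: bytes, counter: int) -> str:
    """Code the fob sends for press number `counter` (HMAC stands in for the real cipher)."""
    return hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).hexdigest()


class Receiver:
    def __init__(self, key: bytes, window: int = WINDOW):
        self.key = key
        self.window = window
        self.counter = 0  # counter of the last code accepted

    def accept(self, code: str) -> bool:
        # Only codes strictly ahead of the last accepted counter are candidates.
        for c in range(self.counter + 1, self.counter + 1 + self.window):
            if hmac.compare_digest(code, code_for(self.key, c)):
                self.counter = c  # this code and every earlier one are now dead
                return True
        return False


def demo() -> dict:
    key = b"constructed-demo-key"  # constructed sample secret
    c1, c2, c3 = (code_for(key, n) for n in (1, 2, 3))
    out = {}

    rx = Receiver(key)
    out["first_use"] = rx.accept(c1)
    out["replay_of_used_code"] = rx.accept(c1)
    out["skip_ahead_in_window"] = rx.accept(c3)  # press 2 was never heard
    out["older_code_after_newer"] = rx.accept(c2)

    # Fresh receiver that never heard press 1: the code is still live later,
    # which is the property a jam-and-replay attack depends on.
    rx2 = Receiver(key)
    out["unheard_code_still_valid"] = rx2.accept(c1)
    out["beyond_window"] = Receiver(key).accept(code_for(key, WINDOW + 1))
    return out


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

In this model a code is retired only when it or a later one is accepted, not by elapsed time, so the receiver cannot tell a delayed legitimate code from a captured one.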

Hardware Security

Tools and Techniques

  • Logic analyzers and multimeters help analyze unknown hardware.
  • Discovering chipsets despite obfuscation by comparing known data sheets and pinouts.

Key Lessons

  • Do not rely on obscurity or small key spaces for security.
  • The importance of secure communications and encryption in radio and vehicle communications.
  • Hardware and software need robust security measures, even as cars become more connected.

Conclusion

  • Many car apps and systems lacked basic security measures but have since been updated.
  • The field of radio and vehicle security is growing and requires more attention.
  • Continuous improvement and research are needed as technology advances.

Q&A

  • Companies have started addressing security issues post-disclosure.
  • Discussion on overcoming keyless entry systems and potential security improvements.
  • The need for ongoing research and enhancements in radio and vehicle security.