Car Hacking

Dear readers,

Automotive security is one of the fastest growing industries these days. With the rise of smart cars, malicious hackers create new tools and techniques to exploit your vehicle’s software vulnerabilities. Ethical hackers and pentesters should update their knowledge and get into black hat’s mindset in order to understand and prevent automotive cyber attacks. That’s why we decided to dedicate our February issue to automotive security and various other topics, to help you understand all the hows and whys. Let’s dive into it!

We start off with CAN Bus Exploitation 101, in which our author Gagan Bagh will help you build your own virtual lab and conduct various kinds of cyber attacks. Later on Dr. Dennis Kengo Oka in his tutorial explains the intricacies of Automated Fuzz Testing of an Embedded Software.

Then you’ll get a chance to learn how to hack cars with fan favourite Raspberry Pi. If you prefer more theoretical articles, we recommend you to take a look at Current State and Posture of Automotive Security by Kartheek Lade.

If you’re hungry for different topics, don’t worry - we got you covered! Later on Atlas Stark will teach you how to use Shade-Tech and turn a drone into a hacking platform. You can also read two great introductions that will help you dive into the world of IoT penetration testing and Bluetooth hacking. 

We also have something for fans of OSINT tools! In the next article the creators of Mal-OR-Not will introduce you to this tool and present you with its abilities. 

But there’s more! You’ll also get a chance to read about how to address the vulnerabilities of the supply chain and what are the risks of RFID technology.

We believe this issue will help you learn both the basics and more advanced nuances of automotive security, but also other essential topics of cybersecurity.

We would like to thank our amazing contributors, reviewers, and proofreaders, without whom this issue wouldn’t be possible. 

We would also like to express solidarity with Ukrainian neighbours. We hope that wherever you are, you are safe and sound, as well as we send prayers for the quick end of the invasion.

Stay safe, 

Hakin9 Editorial Team

---

Table of Contents

CAN Bus Exploitation 101

Gagan Bagh

Vehicles are more complicated and interconnected than at any other time in history. Beside improving comfort, functionality, and safe driving, they have also created new attack surfaces to disrupt the in-vehicle communication network, which was originally built as a closed-loop system. The CAN Bus is the most extensively used communication protocol for such applications, yet it still has a number of security weaknesses due to the absence of security mechanisms.

---

A Tutorial on Automated Fuzz Testing of Embedded Software

Dr. Dennis Kengo Oka

While fuzz testing has generally been incorporated as part of the test activities in many other industries, it is often used only in a limited capacity in the automotive industry. There are two main challenges described as follows. First, in contrast to, e.g., web applications where the target system is accessible and testable purely in software, the automotive target systems are typically physical embedded devices. Thus, testing requires access to the necessary hardware components, such as ECUs (electronic control units) and their test environment. To address these challenges, this tutorial explains how to perform automated fuzz testing of embedded software without the need for hardware. An example using the open-source embedded software Zephyr [6] is used to describe the step-by-step activities.

---

Car Hacking with Raspberry Pi

Atlas Stark

Automotive, auto or car hacking, whichever term you want to use, is a valuable skill to have especially in corporate environments where organizations have a sizable fleet on the road every day; the larger the fleet, the larger the target. Using a Raspberry Pi for this task is even cooler and allows for greater mobility especially with an active fleet. Being able to successfully demonstrate the ability to compromise an automobile and then provide accurate and effective information that can be implemented to protect and/or recover from an attack of this nature is paramount, so let’s get started. In this article, we will not be exploring hacking key fobs, largely due to the fact that there are many ways to hack them depending on the automobile manufacturer, making it a topic that could be an article on its own. I would like to explore that in a future article as I love hacking anything that has to do with RF.

---

Current State and Posture of Automotive Security

Kartheek Lade

Cars are no longer simply a means of transportation. Older cars had basic electrical wiring. As time passed, the demand for more features increased. To gain a competitive advantage and comply with new regulations, we are literally and figuratively turning the corner into the era of the driver-less or connected autonomous vehicle, securing the automobile landscape will become even more important and dangerous. Today, a car is not just a motor vehicle, it is a device connected to wireless networks, apps and electronic components, sensors, and actuators. We are looking at a scenario where malicious hackers/adversaries intentionally are penetrating vehicle networks every day in the best way possible, putting the automotive industry in a position where end-to-end security is necessary.

---

Shade-Tech

Atlas Stark

Shade-Tech in the game is technology that is utilized to enhance the Division Agents’, and even Rogue Agents’, ability to cause damage to and increase their impact on the other players. One main piece of Shade-Tech in the game is the drone that hovers close overhead and performs attacks on the enemy. This particular project involves a cyber attack platform (Raspberry Pi) and an OS (Kali) attached to a payload drone that can auto-hover and follows you around overhead as you perform a variety of tasks like scanning, Bluetooth exploits or de-authorization attacks against a target, just like in the game, how’s that for a coolness factor?

---

Introduction to IoT Penetration Testing

Alexandros Pappas

The Internet of Things (IoT) is an emerging technology, an extension of the traditional Internet which makes sure everything is connected to each other based on Radio Frequency Identification (RFID), Sensor, GPS or Machine to Machine technologies, etc. The security issues surrounding IoT have been of detrimental impact to its development and have consequently attracted research interest. However, there are very few approaches that assess the security of IoT from the perspective of an attacker. Penetration testing is widely used to evaluate traditional internet or systems security and there can be significant costs and time invested in the process.

---

Introduction to Bluetooth Hacking

Roberto Camerinesi

To understand exploiting and debugging Bluetooth, it is good to introduce or review its basic protocols. It's good to clarify that its frequency is 2.4GHz, so as the cousin WiFI, but works at very low power. There are many aspects to consider, but we can enclose them for exemplification logic in two levels: the Host and the Controller, connected together by an HCI (Host Controller Interface). A bit like what happens in the well known ISO/OSI stack, each level of the stack has its own component, from the physical level up to the application level.

---

Mal-OR-Not: A Malicious Entity Detector to Safeguard People from Potential Cyber Attacks

Dhruv Kandpal, Ayushya Mathur

Cybercrimes are growing at an unprecedented rate, especially after the recent global pandemic due to which everything had to be shifted to online mode. Cybercriminals have made a fortune in cyberspace by exploiting the innocence of users worldwide. We, as cybersecurity students, who're about to break into the industry, decided to take on the challenge of developing an all-in-one solution to this problem. After a lot of brainstorming and accumulation of thoughts and ideas, we have come up with the idea of building 'Mal-OR-Not' (Malicious Entity Detector). We have developed it in a way that any normal user can use it to safeguard himself against cybercrimes and catch any malicious intent in its early phases. It is an OSINT (Open Source Intelligence) tool that gathers relevant and reliable information from trusted sources.

---

Five Steps to Addressing Supply Chain Vulnerabilities

Nir Yehoshua

Supply chain attacks (also known as third-party attacks) occur because of problems introduced by use of a third-party product or service. For example, if a company implements a third-party open source library, it is easier for attackers to  perform vulnerability research on this library, for which source code is available, in contrast to varying levels of access to code for the full product. Once they find vulnerabilities in the library, the attackers can exploit the vulnerability in the product that has implemented it, in some cases harming the company or its reputation, or gaining remote access and stealing sensitive data. So how can this be dealt with? The key lies in managing the supply chain, and we present five steps that can be taken to maximize peace of mind regarding your product security.

---

Knowing the Risk in your University ID: RFID Technology and its Vulnerabilities

Lochana Koralage

RFID technology is connected to a memory chip, which has stored information related to the authorization of a certain system.  Therefore, this would be a lock and key kind of mechanism, where the RFID chip would be the key to unlocking a system with proper authentication. An RFID chip contains an authentication code which is then captured by the nearby device, which acts as the lock. On top of the security provided by the authentication code mechanism, it is possible to enhance the security by encrypting the chip data as well.  Along with many advantages, there comes some threats related to RFID technology as well.