Caleb Walter. iPhone style charger Malware channel Exploit Vehicle CAN network Create Covert Channel at Public Charging Stations Custom Arduino CAN EVSE.

Slides:

Advertisements

Similar presentations

Contents Overview Data Information Frame Format Protocol

Advertisements

Introduction to CAN.

Introduction to CANBUS

Jonathan Meed Alexander Basil. What is CAN (Controller Area Network) CAN is a multi-master serial bus Developed by Bosch for automotive applications in.

Data Link Layer B. Konkoth. PDU  Protocol Data Unit  A unit of data which is specified in a protocol of a given layer  Layer 5, 6, 7 – Data  Layer.

Transport Layer3-1 Transport Overview and UDP. Transport Layer3-2 Goals r Understand transport services m Multiplexing and Demultiplexing m Reliable data.

Umut Girit  One of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer.

ECE Department: University of Massachusetts, Amherst ECE 354 Lab 3: Transmitting and Receiving Ethernet Packets.

Car Hacking Patrick, James, Penny.

What is the CAN Bus ? A two wire electronic communication data bus between ‘processors’ – i.e. computer computer controllers Developed by Robert Bosch.

Presented by Justin Bode CS 450 – Computer Security February 17, 2010.

© 2002 JW Ryder CS 428 Computer Networks 1 Ethernet Properties 10Mbps/100Mbps broadcast bus technology –Bus: all stations share single channel –Broadcast:

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

Modifying the SCSI / Fibre Channel Block Size Presented by Keith Bonneau, John Chrzanowski and Craig O’Brien Advised by Robert Kinicki and Mark Claypool.

Introduction To Networking

Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.

Host Data Layer 7 Application Interacts with software requiring network communications; identifies partners, resources and synchronization Layer 6 Presentation.

 What is a Controller Area Network?  History of CAN  CAN communication protocol  Physical layer  ISO  CiA  CANopen  DeviceNet  Applying.

Gursharan Singh Tatla Transport Layer 16-May

EECS 373 Controller Area Networks Samuel Haberl Russell Kuczwara Senyuan Zhong.

SERIAL BUS COMMUNICATION PROTOCOLS

Process-to-Process Delivery:

OSI Model Routing Connection-oriented/Connectionless Network Services.

Tecnologie Informatiche ed Elettroniche per le Produzioni Animali (corso TIE) CORSO LAUREA MAGISTRALE IN SCIENZE E TECNOLOGIE DELLA PRODUZIONE ANIMALE.

Presentation on Osi & TCP/IP MODEL

In-Vehicle Networking for Heavy Duty Systems Review of CAN / SAE J1939/ ISO BAE 5030 Fall 2001 Instructor: Marvin Stone BAE 5030 Fall 2001 Instructor:

Bluetooth Background Ericsson, IBM, Intel, Nokia, and Toshiba

ACM 511 Chapter 2. Communication Communicating the Messages The best approach is to divide the data into smaller, more manageable pieces to send over.

Internet Addresses. Universal Identifiers Universal Communication Service - Communication system which allows any host to communicate with any other host.

Advanced Embedded Systems Design Lecture 13 RISC-CISC BAE Fall 2004 Instructor: Marvin Stone Biosystems and Agricultural Engineering Oklahoma.

Software Security Testing Vinay Srinivasan cell:

1 Layer 2: Concepts Honolulu Community College Cisco Academy Training Center Semester 1 Version

DEVICES AND COMMUNICATION BUSES FOR DEVICES NETWORK

Transport Layer: UDP, TCP

Transmission Control Protocol

Networks. Common Xmit Media Shared Media Networks are a shared communication resource Only one user can access at a time.

© 2009, Renesas Technology America, Inc., All Rights Reserved 1 Course Introduction  Purpose This training course provides an overview of Message Frames.

CENG 490/510 Network Programming Russell Deaton Rm

1 Network Administration Module 3 ARP/RARP. 2 Address Resolution The problem Physical networks use physical addresses, not IP addresses Need the physical.

Network Protocols n ISO OSI 7-layer model n TCP/IP suite l TCP/UDP l IP l Ethernet/Token Ring l ICMP.

Section 3 - Slide 1/19 P&T - GPS - Formation PhW - CANopen_lev1_en - 01/2004 History CANopen and the ISO model Physical layer Link layer Application layer.

1 CS4550: Computer Networks II Review Data Link Layer.

Chapter 3: Transport Layer Our goals: r understand principles behind transport layer services: m multiplexing/demultipl exing m reliable data transfer.

Lecture 4 Overview. Ethernet Data Link Layer protocol Ethernet (IEEE 802.3) is widely used Supported by a variety of physical layer implementations Multi-access.

Wireless and Mobile Security

1 Lecture Controller Area Networks Dr. Tony Grift

Mechanical layer Logic layer Sensors layer Poll for sensor state Return polled state & also do interrupts in immergency situations Sensors checking suspension,

An Introduction to CAN CAN Basics 2 Renesas Interactive

Data Communication and Networks Chapter 5. What’s a Network? a network consists of two or more computers that are connected together to share information.

Point-to-Point Protocol

Mike Switlick. Overview What is a covert channel? Storage / Timing Requirements Bunratty attack Covert_tcp Questions.

CAN Controller Area Network 29BIT ID

Network Processing Systems Design

Port Scanning James Tate II

Understanding the OSI Reference Model

Net431:advanced net services

Net 323: NETWORK Protocols

Transport Layer Our goals:

Data Link Issues Relates to Lab 2.

Проширења CAN Flexible Datarates

Process-to-Process Delivery:

شبکه محلی کنترلر Controller Area Network (CAN)

User Datagram Protocol (UDP)

Lecture 2: Overview of TCP/IP protocol

Lecture 3: Secure Network Architecture

CPEG514 Advanced Computer Networkst

OSI Reference Model Unit II

OSI Model 7 Layers 7. Application Layer 6. Presentation Layer

Network Basics and Architectures Neil Tang 09/05/2008

Presentation transcript:

Caleb Walter

iPhone style charger Malware channel Exploit Vehicle CAN network Create Covert Channel at Public Charging Stations Custom Arduino CAN EVSE Basic Concept

Three Georgia Tech researchers designed charger in 1 week Normal chargers only contain transformers This charger contains small computer running Linux Iphone Malware Charger

Linux delivers payload when Phone is plugged in Must be unlocked by User Takes advantage of multiple Apple security flaws UDID query to send to apple web Page Bypassed App Vetting by hiding Malicious Code using Covert Channel Iphone Malware Charger (Cont.)

Development began in 1983 at Robert Bosch GmbH Officially Released in 1986 by SAE in Detroit. First CAN Chips produced and installed in 1987 Intel CAN bus History

Can 2.0 Designed and released in 1991 Improved CAN Data Link Layer in 2012 CAN FD – ISO CAN 2.0 included in all OBD II Vehicles OBD II mandatory for all cars and trucks sold in the USA since 1996 CAN Bus History

Controller Area Network Message Based Protocol for vehicles Allows microcontrollers and devices to communicate without host computer Vehicle CAN Basics

CAN Standard Format 11-bit Header ID for Manufacturer Proprietary protocols CAN Format

SOF – Start of Frame Identifier – UID w/ Priority RTR – Remote Transmission Request IDE – CAN vs. Can Extended DLC – Data Length Code (This is the Paylod Location) CRC – Cycle Redundancy Check ACK – Acknowledge EOF – End of Frame CAN Frame

CAN Bus Network

Electronic Control Units: Control various parts of the vehicles electronics Engine Control ABS Radio Doors Reprogrammable for Manufacture Updates ECUs

8 Bytes available to modify in Data Code Frame Hide coding within Data Layer through basic Obfuscation Technique Can pass along payloads or other messages with this 8 byte space The Covert Channel

When Vehicle Plugs into charge, various data transmission happen OBD II ECU to Charging Station Computer CAN Network messages exchange between Battery ECU and Charger Computer Charging Handshake for Electronic Cars

Custom Arduino/Raspberry PI/ BeagleBoard Plugged into EV Charging station via Cat5 Communication Port Injects custom code into EV Handshake CAN Controller Libraries for Code MCP2515 SPI Hacking the Charger

Interrupts Handshake ECU process with Obfuscates code to prevent Message Anomaly Detection and CRC check Transmits message through SAE J1772 Charger Port Hacking the Charger (Cont)

Can potentially modify any ECU Controlled system in the car Make Radio display custom messages Max out Speedo and Tacho even when sitting Cut Brakes (Not recommended…) Extra Fun!

8416 Electronic Charging Stations in USA Most Charging Stations use the same CAN and ECU checks Most also use same charging type and plug type 67,295 Electronic Vehicles in the US May 2013 Statistics Potential Outreach

Firewalls within the CAN Network Vehicle IPS for CAN Network Physical Intrusion Detection on EV Charger CAN Bus update for slack code prevention Potential Prevention

Target most popular Charging Stations in US Implement Arduinos into EV Stations Infect/Pass communication between as many cars as possible. Implementation Goal

Sources