Presentation is loading. Please wait.

Presentation is loading. Please wait.

Caleb Walter. iPhone style charger Malware channel Exploit Vehicle CAN network Create Covert Channel at Public Charging Stations Custom Arduino CAN EVSE.

Published byLaureen Parks Modified over 9 years ago

Similar presentations

Presentation on theme: "Caleb Walter. iPhone style charger Malware channel Exploit Vehicle CAN network Create Covert Channel at Public Charging Stations Custom Arduino CAN EVSE."— Presentation transcript:

1 Caleb Walter

2 iPhone style charger Malware channel Exploit Vehicle CAN network Create Covert Channel at Public Charging Stations Custom Arduino CAN EVSE Basic Concept

3 Three Georgia Tech researchers designed charger in 1 week Normal chargers only contain transformers This charger contains small computer running Linux Iphone Malware Charger

4 Linux delivers payload when Phone is plugged in Must be unlocked by User Takes advantage of multiple Apple security flaws UDID query to send to apple web Page Bypassed App Vetting by hiding Malicious Code using Covert Channel Iphone Malware Charger (Cont.)

5 Development began in 1983 at Robert Bosch GmbH Officially Released in 1986 by SAE in Detroit. First CAN Chips produced and installed in 1987 Intel CAN bus History

6 Can 2.0 Designed and released in 1991 Improved CAN Data Link Layer in 2012 CAN FD – ISO 11898-1 CAN 2.0 included in all OBD II Vehicles OBD II mandatory for all cars and trucks sold in the USA since 1996 CAN Bus History

7 Controller Area Network Message Based Protocol for vehicles Allows microcontrollers and devices to communicate without host computer Vehicle CAN Basics

8 CAN Standard Format 11-bit Header ID for Manufacturer Proprietary protocols CAN Format

9 SOF – Start of Frame Identifier – UID w/ Priority RTR – Remote Transmission Request IDE – CAN vs. Can Extended DLC – Data Length Code (This is the Paylod Location) CRC – Cycle Redundancy Check ACK – Acknowledge EOF – End of Frame CAN Frame

10 CAN Bus Network

11 Electronic Control Units: Control various parts of the vehicles electronics Engine Control ABS Radio Doors Reprogrammable for Manufacture Updates ECUs

12 8 Bytes available to modify in Data Code Frame Hide coding within Data Layer through basic Obfuscation Technique Can pass along payloads or other messages with this 8 byte space The Covert Channel

13 When Vehicle Plugs into charge, various data transmission happen OBD II ECU to Charging Station Computer CAN Network messages exchange between Battery ECU and Charger Computer Charging Handshake for Electronic Cars

14 Custom Arduino/Raspberry PI/ BeagleBoard Plugged into EV Charging station via Cat5 Communication Port Injects custom code into EV Handshake CAN Controller Libraries for Code MCP2515 SPI Hacking the Charger

15 Interrupts Handshake ECU process with Obfuscates code to prevent Message Anomaly Detection and CRC check Transmits message through SAE J1772 Charger Port Hacking the Charger (Cont)

16 Can potentially modify any ECU Controlled system in the car Make Radio display custom messages Max out Speedo and Tacho even when sitting Cut Brakes (Not recommended…) Extra Fun!

17 8416 Electronic Charging Stations in USA Most Charging Stations use the same CAN and ECU checks Most also use same charging type and plug type 67,295 Electronic Vehicles in the US May 2013 Statistics Potential Outreach

18 Firewalls within the CAN Network Vehicle IPS for CAN Network Physical Intrusion Detection on EV Charger CAN Bus update for slack code prevention Potential Prevention

19 Target most popular Charging Stations in US Implement Arduinos into EV Stations Infect/Pass communication between as many cars as possible. Implementation Goal

20 http://www.net-security.org/malware_news.php?id=2548 http://en.wikipedia.org/wiki/CAN_bus#Data_transmission http://www.afdc.energy.gov/fuels/electricity_locations.html http://www.eia.gov/tools/faqs/faq.cfm?id=93&t=4 Sources

Download ppt "Caleb Walter. iPhone style charger Malware channel Exploit Vehicle CAN network Create Covert Channel at Public Charging Stations Custom Arduino CAN EVSE."

Similar presentations

Contents Overview Data Information Frame Format Protocol

Contents Overview Data Information Frame Format Protocol
Introduction to CAN.

Introduction to CAN.
Introduction to CANBUS

Introduction to CANBUS
Jonathan Meed Alexander Basil. What is CAN (Controller Area Network) CAN is a multi-master serial bus Developed by Bosch for automotive applications in.

Jonathan Meed Alexander Basil. What is CAN (Controller Area Network) CAN is a multi-master serial bus Developed by Bosch for automotive applications in.
Data Link Layer B. Konkoth. PDU  Protocol Data Unit  A unit of data which is specified in a protocol of a given layer  Layer 5, 6, 7 – Data  Layer.

Data Link Layer B. Konkoth. PDU  Protocol Data Unit  A unit of data which is specified in a protocol of a given layer  Layer 5, 6, 7 – Data  Layer.
Transport Layer3-1 Transport Overview and UDP. Transport Layer3-2 Goals r Understand transport services m Multiplexing and Demultiplexing m Reliable data.

Transport Layer3-1 Transport Overview and UDP. Transport Layer3-2 Goals r Understand transport services m Multiplexing and Demultiplexing m Reliable data.
Umut Girit 200535027.  One of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer.

Umut Girit  One of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer.
ECE Department: University of Massachusetts, Amherst ECE 354 Lab 3: Transmitting and Receiving Ethernet Packets.

ECE Department: University of Massachusetts, Amherst ECE 354 Lab 3: Transmitting and Receiving Ethernet Packets.
Car Hacking Patrick, James, Penny.

Car Hacking Patrick, James, Penny.
What is the CAN Bus ? A two wire electronic communication data bus between ‘processors’ – i.e. computer computer controllers Developed by Robert Bosch.

What is the CAN Bus ? A two wire electronic communication data bus between ‘processors’ – i.e. computer computer controllers Developed by Robert Bosch.
Presented by Justin Bode CS 450 – Computer Security February 17, 2010.

Presented by Justin Bode CS 450 – Computer Security February 17, 2010.
© 2002 JW Ryder CS 428 Computer Networks 1 Ethernet Properties 10Mbps/100Mbps broadcast bus technology –Bus: all stations share single channel –Broadcast:

© 2002 JW Ryder CS 428 Computer Networks 1 Ethernet Properties 10Mbps/100Mbps broadcast bus technology –Bus: all stations share single channel –Broadcast:
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
Modifying the SCSI / Fibre Channel Block Size Presented by Keith Bonneau, John Chrzanowski and Craig O’Brien Advised by Robert Kinicki and Mark Claypool.

Modifying the SCSI / Fibre Channel Block Size Presented by Keith Bonneau, John Chrzanowski and Craig O’Brien Advised by Robert Kinicki and Mark Claypool.
Introduction To Networking

Introduction To Networking
Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.

Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.
Host Data Layer 7 Application Interacts with software requiring network communications; identifies partners, resources and synchronization Layer 6 Presentation.

Host Data Layer 7 Application Interacts with software requiring network communications; identifies partners, resources and synchronization Layer 6 Presentation.
 What is a Controller Area Network?  History of CAN  CAN communication protocol  Physical layer  ISO 11898  CiA  CANopen  DeviceNet  Applying.

 What is a Controller Area Network?  History of CAN  CAN communication protocol  Physical layer  ISO  CiA  CANopen  DeviceNet  Applying.
Gursharan Singh Tatla Transport Layer 16-May-2011 1

Gursharan Singh Tatla Transport Layer 16-May
EECS 373 Controller Area Networks Samuel Haberl Russell Kuczwara Senyuan Zhong.

EECS 373 Controller Area Networks Samuel Haberl Russell Kuczwara Senyuan Zhong.

Similar presentations

Ads by Google