Seminar - Candy Cream: haCking infotAiNment AnDroid sYstems to Command instRument clustEr via cAn data fraMe

As part of the initiatives of the Catania node of the CINI Cybersecurity
Laboratory, Dr. Matteucci and Dr. Costantino of CNR Pisa will
demonstrate their very recent attack on the monitoring and control
systems of a modern car (details at the bottom) on

29 May at 12:30 in room 22 of the DMI

I would point out the media impact of this attack
https://www.repubblica.it/cronaca/2019/05/14/news/aiuto_c_e_un_hacker_alla_guida_dell_auto-226208065/

http://www.ansa.it/canale_motori/notizie/attualita/2019/05/14/software-manomette-le-auto-a-distanza-scoperta-del-cnr_72408437-3f75-4411-b15b-7b54e8d7ec7f.html

as well as the research group that we set up as a result of the
agreement between the DMI and the CNR https://sowhat.iit.cnr.it/

Your attendance will be most welcome.
Best regards,
--
   Giamp

"Candy Cream: haCking infotAiNment AnDroid sYstems to Command
instRument clustEr via cAn data fraMe"

Speakers: Gianpiero Costantino and Ilaria Matteucci

Abstract: Modern vehicles' functionalities are regulated by Electronic
Control Units (ECU), from a few tens to a hundred, commonly
interconnected through the Controller Area Network (CAN) communication
protocol.
CAN is not secure-by-design: authentication, integrity and
confidentiality are not considered in the design and implementation of
the protocol. This represents one of the main vulnerabilities of modern
vehicles: getting access (physical or remote) to CAN communication
allows a possible malicious entity to inject unauthorised messages on
the CAN bus. These messages may lead to unexpected and possibly very
dangerous behaviour of the target vehicle.
We present CANDY CREAM, an attack made of two parts: CANDY aiming at
exploiting a vulnerability exposed by an infotainment system based on
Android operating system connected to the vehicle's CAN bus network,
and CREAM, a post-exploitation script that injects customized CAN
frames to alter the behaviour of the vehicle.