Annual Computer Security Applications Conference (ACSAC) 2017

Full Program »

T6: Hands-On Interactive Car Hacking

Tuesday, 5 December 2017
08:30 - 12:00
13:30 - 17:00

Salon III

Modern day automobiles are complex machines which can contain 60-100 embedded Electronic Control Units (ECUs) running on a Controller Area Network (CAN) bus, networks to support these units, and a host of external interfaces, both wired and wireless. A Controller Area Network (CAN bus) is a vehicle bus standard designed to allow microcontrollers and devices to communicate with each other in applications without a host computer and it is a message-based protocol, designed for multiplex electrical wiring within automobiles Wired interfaces can include Universal Serial Bus (USB), compact disks (CDs), digital video disks (DVDs), and secure digital (SD) cards. Wireless interfaces can include short range and long range connectivity, such as via Bluetooth, Wi-Fi, Radio Frequency (RF), cellular, RF from RADAR, etc. The wireless interfaces can support a host of features including: remote Tire Pressure Monitoring Systems (TPMS), telematics, and Smart key keyless entry/ignition start. Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) on the horizon.  All of these forms of increased electronic control and connectivity promise tremendous benefits for efficiency, comfort, and driving safety, but also raise the risks of cybersecurity vulnerabilities and attacks.

In this class, students will learn about different vehicle networks and how they work.  We will discuss Pulse-Width Modulation (PWM), K-Line protocol, CAN, FlexRay and others.  This hands-on course using open source automotive tools will take a deep dive into CAN networks, how they work and how to reverse engineer them.  The students will leave the class with all the knowledge necessary to start reversing automotive CAN packets and other diagnostic protocols.



  1. Vehicle Networks
  2. Protocol layouts
  3. SocketCAN
  4. CAN, ISO-TP and Unified Diagnostics Services (UDS) protocols
  5. Manually pull UDS information, such as VIN
  6. Interactive demos to train students on reversing several different types of CAN signals
  7. Current challenges in the automotive cybersecurity space
  8. Open source automotive CAN analysis and cybersecurity tools

About the Instructors:

Craig Smith is the Research Director of Transportation Security at Rapid7 as well as the Founder of Open Garages.  Open Garages is a distributed collective of performance tuners, mechanics, security researchers and artists. Craig is also the author of the Car Hacker's Handbook, and runs a Security Consulting firm that specializes in automotive reverse engineering. Craig has developed many open source utilities to teach CAN bus to students, and security penetration tools that can uncover vulnerabilities in vehicle and diagnostic systems. Craig is the core author of Metasploit's Hardware Bridge, and has worked in the security field for over 20 years with the last 5 years focused on automotive.   

Daniel Chin is a computer engineer at the U.S. Department of Transportation’s Volpe National Transportation Systems Center, where he researches how new tools, techniques, vulnerabilities, and mitigations apply to modern vehicle technologies. Daniel has participated in the SAE Battelle CyberAuto Challenge and helped students learn automotive cybersecurity topics and challenges. Daniel has been supporting the research and evaluation of aftermarket telematics devices and has conducted research and evaluation on the telematics device’s vulnerabilities, risk, and mitigation.


Powered by OpenConf®
Copyright©2002-2017 Zakon Group LLC