Securing vehicles is a complex challenge. Their increased connectivity exposes them to a wide attack surface. The diversity of the technologies used also requires developing different security assessment techniques.
From an attacker’s point of view, one difficulty is the manufacturer-specific nature of the technologies used. The automotive industry is a complex ecosystem, composed of different OEMs and suppliers at different levels of the production chain. This variety of actors leads to products having their own specificities, with little publicly available information.
This talk will present some techniques and tools developed for approaching these black-box systems from a pentester’s perspective. Different technologies will be discussed, among them the CAN network, which is the most safety-critical part and also the last stage of a complete remote-to-physical attack chain. Drawing on experience and observations, we will discuss some effective techniques and references that can be used for gathering information, understanding how ECUs behave, and finding vulnerabilities.