It has been confirmed that Charlie Miller and Chris Valasek will hold a presentation on “Adventures in Automotive Networks and Control Units” at Defcon 21, August 1st to 4th 2013 at the Rio Hotel in Las Vegas.
HERE IS THE ABSTRACT: “Automotive computers, or electronic control units (ECU), were originally introduced to help with fuel efficiency and emissions problems of the 1970s but evolved into integral parts of in-car entertainment, safety controls, and enhanced automotive functionality. This presentation will examine some controls in two modern automobiles from a security researcher’s point of view.
We will first cover the requisite tools and software needed to analyze a Controller Area Network. Secondly, we will demo software to show how data can be read and written to the CAN network.
Then we will show how certain proprietary messages can be replayed by a device hooked up to an OBDII (on-board diagnostic) connection to perform critical car functionality, such as braking and steering. Finally, we’ll discuss aspects of reading and modifying the firmware of ECUs installed in today’s modern automobile.”
Charlie Miller is a security engineer at Twitter. He was the first with a public remote exploit for both the iPhone and the G1 Android phone. He is also a four-time winner of the CanSecWest Pwn2Own competition and has authored three information security books and holds a PhD from the University of Notre Dame.
Chris Valasek is the Director of Security Intelligence at IOActive, where he specializes in attack methodologies, reverse engineering and exploitation techniques. Valasek regularly speaks on the security industry conference circuit on a variety of topics and he is also the Chairman of SummerCon, the nation’s oldest hacker conference. He holds a B.S. in Computer Science from the University of Pittsburgh.