DEF CON 23 - Samy Kamkar - Drive it like you Hacked it: New Attacks and Tools to Wireles
Added 25. 06. 2024
Gary Numan said it best. Cars. They’re everywhere. You can hardly drive down a busy freeway without seeing one. But what about their security?
In this talk I’ll reveal new research and real attacks in the area of wirelessly controlled gates, garages, and cars. Many cars are now controlled from mobile devices over GSM, while even more can be unlocked and ignitions started from wireless keyfobs over RF. All of these are subject to attack with low-cost tools (such as RTL-SDR, GNU Radio, HackRF, Arduino, and even a Mattel toy).
We will investigate how these features work, and of course, how they can be exploited. I will be releasing new tools and vulnerabilities in this area, such as key-space reduction attacks on fixed-codes, advanced "code grabbers" using RF attacks on encrypted and rolling codes, and how to protect yourself against such issues.
By the end of this talk you’ll understand not only how vehicles and the wirelessly-controlled physical access protecting them can be exploited, but also learn about various tools for car and RF research, as well as how to use and build your own inexpensive devices for such investigation.
Ladies and gentlemen, start your engines. And other people’s engines.
Samy Kamkar is a security researcher, best known for creating The MySpace Worm, one of the fastest spreading viruses of all time. He (attempts to) illustrate terrifying vulnerabilities with playfulness, and his exploits have been branded:
“Controversial”, -The Wall Street Journal
“Horrific”, -The New York Times
“Now I want to fill my USB ports up with cement”, -Gizmodo
He’s demonstrated usurping typical hardware for surreptitious means such as with KeySweeper, turning a standard USB wall charger into a covert, wireless keyboard sniffer, and SkyJack, a custom drone which takes over any other nearby drones allowing them to be controlled as a massive zombie swarm. He’s exposed issues around privacy, such as by developing the Evercookie which appeared in a top-secret NSA document revealed by Edward Snowden, exemplifying techniques used by governments and corporations for clandestine web tracking, and has discovered and released research around the illicit GPS and location tracking performed by Apple, Google and Microsoft mobile devices. He continues to produce new research and tools for the public as open source and open hardware.
Twitter: @samykamkar - Science and technology
Samy is always a very entertaining speaker. :3
But most of all.. Samy is my hero.
Samy is my hero
SAMMY IS MY HERO
but most of all, samy is my hero
samy is my hero
Samy Kamkar is a genius mind & great entertainer!
Awesome, great talk.
Finally Samy!
The Great Sammy !!!
i love samy
This is a good one to watch after the vid you did with what's his face where you hacked his garage doors with the IM Me.
This is a really cool talk. I enjoyed seeing the Mattel IM-ME be modified into a useful tool.
It was ALWAYS useful!
SO cool; SO connected!
To be totally fair, no native English speaker can pronounce "De Bruijn" correctly, ij is a unique Dutch sound.
27:33 ALWAYS the right answer.
I know none of this is illegal but how close does it come? Can anyone talk briefly on how illegality applies to this field?
33:20
Do you remember last year when it can be said, ROLLJAM to do the smaller, as the size of a remote? Do you have any samples? Can be sold to Southeast Asian countries? I want to do this business! Are you interested in?
16:51 we'll do it live. lol
Facebook hack 2017:
Samy is my city
He missed a great opportunity to put EFF about you! Instead of below
Hi Samy, I would like to buy a rolljam device, where can I buy it
He didn't put Obama in the "Thank you" at the end :(
Leo Curious Of course, because Obama made garage door openers less secure than a two-character password.
And so hackers should thank him :)
Drive It Faster
She Lies On Every Resume And She Is Not Cute
We Hacked Baby Girl
Can She Lock Anything With A Provided Key ?
Nice Set
good one more
I'm pausing cause I smell a Rick roll coming.
I won to a roll jam please call me
So, I just watched the first 10 minutes of this video. So, it looks like this channel is dedicated to thieves and how to steal stuff. Do I have that right?
That is an oversimplification. The entire channel is dedicated to security and security testing. No security system is infallible; if you think it is, then you're overlooking something. These researchers test and look at vulnerabilities in systems and try to point out any severe flaws. Often they will contact the companies and try to tell them about a vulnerability to fix, such as what he did with GM at czcams.com/video/UNgvShN4USU/video.html and he provided them with info to fix a vulnerability.
A lot of these guys work in security setting up and maintaining the digital or physical security of private companies. Some of them even work with the government. Some of them are actually thieves, though what they steal is usually not cars and such.
Still, the main purpose of these talks is to educate about security and security vulnerabilities. Not just thievery.
windows babbies BTFO
So this is EXACTLY the same presentation Samy made at APPSEC 2016 ....... boring..
SAMMY IS MY HERO
Samy is my hero
Samy is my hero