Pages: [1]   Go Down
Print
Author Topic: Demo: attacco al cruscotto di un'autovettura  (Read 469 times)
0 Members e 1 Utente non registrato stanno visualizzando questa discussione.
Giampaolo Bella
docente
Apprendista Forumista
****
Offline Offline

Posts: 207


« on: 22-05-2019, 21:27:56 »

Nell'ambito delle iniziative del polo Catanese del Laboratorio CINI di Cybersecurity, la Dott.ssa Matteucci e il Dott. Costantino del CNR Pisa dimostreranno il loro recentissimo attacco ai sistemi di monitoraggio e controllo di una moderna autovettura (dettagli in calce) il

29 maggio ore 12:30 in aula 22 del DMI

Segnalo l'impatto mediatico di tale attacco
https://www.repubblica.it/cronaca/2019/05/14/news/aiuto_c_e_un_hacker_alla_guida_dell_auto-226208065/

http://www.ansa.it/canale_motori/notizie/attualita/2019/05/14/software-manomette-le-auto-a-distanza-scoperta-del-cnr_72408437-3f75-4411-b15b-7b54e8d7ec7f.html

nonchè il gruppo di ricerca che abbiamo definito come frutto della convenzione fra il DMI e il CNR https://sowhat.iit.cnr.it/

-------------------------------------------------------


"Candy Cream: haCking infotAiNment AnDroid sYstems to Command instRument clustEr via cAn data fraMe"

Relatori: Gianpiero Costantino and Ilaria Matteucci

Abstract: Modern vehicles functionalities are regulated by Electronic Control Units (ECU), from a few tens to a hundred, commonly interconnected through the Controller Area Network (CAN) communication protocol.
CAN is not secure-by-design: authentication, integrity and confidentiality are not considered in the design and implementation of the protocol. This represents one of the main vulnerability of modern vehicle: getting the access (physical or remote) to CAN communication allows a possible malicious entity to inject unauthorised messages on the CAN bus. These messages may lead to unexpected and possible very dangerous behaviour of the target vehicle.
We present CANDY CREAM, an attack made of two parts: CANDY aiming at exploiting a vulnerability exposed by an infotainment system based on Android operating system connected to the vehicle?s CAN bus network, and CREAM, a post-exploitation script that injects customized CAN frame to alter the behaviour of the vehicle.
Logged
Pages: [1]   Go Up
Print
Jump to: