Transportation
Building a Car Hacking Development Workbench: Part 3
Welcome back to the car hacking development workbench series. In part two we
discussed how to read wiring diagrams. In part three, we are going to expand on
the workbench by re-engineering circuits and replicating signals used in your
vehicle.
If this is your first time stumbling across this write up, I encourage you to
check out the previous two parts to this series:
Part 1: Constructing a Workbench
[/2017/07/11/building-a-car-hacking-development-workbench-part-1]
Part 2: How to Read Wiring Di
Transportation
Building a Car Hacking Development Workbench: Part 2
This is part two of a three-part series. Part one
[/2017/07/11/building-a-car-hacking-development-workbench-part-1] covered how to
build a development workbench. Part two of this series will cover reading
electrical diagrams and serve as a primer for part three, where we will
re-engineer common circuit types found in vehicles.
Electrical Diagrams & Re-identification
Technically, your bench is complete at this point, and you can connect an OBD-II
to USB conversion device to start interpreting
IoT
Building a Car Hacking Development Workbench: Part 1
Introduction
There is a vast body of knowledge hiding inside your car. Whether you are an
auto enthusiast, developer, hobbyist, security researcher, or just curious about
vehicles, building a development bench can be an exciting project to facilitate
understanding and experimentation without risking possible damage to your
vehicle. This is a perfect project for people of a wide range of ages and skill
levels. Even if you have never worked on a car before, or you do not feel like
your Electronics
Application Security
R7-2017-02: Hyundai Blue Link Potential Info Disclosure (FIXED)
Summary
Due to a reliance on cleartext communications and the use of a hard-coded
decryption password, two outdated versions of the Hyundai Blue Link application
software, 3.9.4 and 3.9.5, potentially expose sensitive information about
registered users and their vehicles, including application usernames, passwords,
and PINs, via a log transmission feature. This feature was introduced in version
3.9.4 on December 8, 2016, and removed by Hyundai on March 6, 2017 with the
release of version 3.9.6.
Affec
Metasploit
Pen Testing Cars with Metasploit and Particle.io Photon Boards
TL;DR
This post details how to use the MSFRelay library for Photon boards to write
your own Metasploit [https://rapid7.com/products/metasploit/] compatible
firmware, specifically for an add-on called Carloop. If you have a Carloop and
just want it to work with Metasploit without having to write any code (or read
this), I've also provided the full code as a library example in the Particle
library; it can be found here
[https://build.particle.io/libs/spark-msf-relay/0.0.1/tab/example/msf-carlo
Metasploit
Metasploit Framework Valentines Update
Valentine's Day is just around the corner! What could be a nicer gift for your
sweetie than a bundle of new Metasploit Framework updates? The community has
been as busy as ever delivering a sweet crop of sexy exploits, bug fixes, and
interesting new features.
Everyone Deserves a Second Chance
Meterpreter Scripts have been deprecated for years
[https://github.com/rapid7/metasploit-framework/pull/3812] in favor of Post
Exploitation modules, which are much more flexible and easy to debug.
Unfortuna
Metasploit
Car Hacking on the Cheap
Metasploit's HWBridge comes with an automotive extension. This works out of the
box if you happen to have a SocketCAN compatible CAN sniffer hanging around.
However, if you don't have one, there is a decent chance you have a cheap sub
$10 vehicle dongle in a drawer somewhere. If not, you can probably pick one up on
eBay super cheap. Metasploit supports the ELM327 and STN1100 chipsets that are
very popular in these dongles. Metasploit comes with a tool to connect these
devices provided your device
Public Policy
Rapid7's Position on the U.S. Executive Order on Immigration
On Friday, January 27th, 2017, the White House issued an Executive Order
entitled “Protecting The Nation from Foreign Terrorist Entry into The United
States”
[https://www.whitehouse.gov/the-press-office/2017/01/27/executive-order-protecting-nation-foreign-terrorist-entry-united-states].
As has been well-publicized, the Order suspends some immigration from seven
Muslim-majority countries — Syria, Yemen, Sudan, Somalia, Iraq, Iran and Libya —
for 90 days, halts the refugee program for 120 days,
Metasploit
Exiting the Matrix: Introducing Metasploit's Hardware Bridge
Follow the white rabbit...
Metasploit is an amazing tool. You can use it to maneuver through vast networks,
pivoting through servers and even embedded OSes. Having a single interface for
your team and yourself to control a web of servers and networks is extremely
powerful. But sometimes you want to do more than control the virtual world. You
want to control the physical world. You need to exit the Matrix.
We recently announced a new addition to Metasploit to help you do exactly that:
the H
Public Policy
12 Days of HaXmas: Year-End Policy Comment Roundup
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [/tag/haxmas] with
12 blog posts on hacking-related topics and roundups from the year. This year,
we're highlighting some of the “gifts” we want to give back to the community.
And while these gifts may not come wrapped with a bow, we hope you enjoy them.
On the seventh day of HaXmas, the Cyber gave to me: a list of seven Rapid7
comments to government policy proposals! Oh, 'tis a magical season.
It was an active 2016 for Rapid7's polic
Transportation
All the (moving) Things!!
Until recently, I was running a small security testing company called Theia
Labs. Theia was small, just myself and a few other contractors, but we built a
solid reputation within the auto industry. During that time, I even wrote the
book the Car Hacker's Handbook [https://www.nostarch.com/carhacking]. When
Rapid7 approached me about potentially acquiring Theia Labs, I was really
excited. Joining Rapid7 allowed me to move my tools and continue working on my
research as I had before. However,
Car Hacking
Hacking Cars is Sexy
Five years ago, if you wanted to publicly demonstrate a car hack it usually
meant you would (at the very least) get a series of cease and desist letters.
Of course, this made it very hard for researchers to report problems. If a
security researcher found something that they were concerned about and wanted to
see it addressed, they would turn to the vendor to try and get it fixed.
Unfortunately, automakers' websites didn't have a place to report security
findings. You could try contacting supp
Public Policy
Rapid7 Supports Researcher Protections in Michigan Vehicle Hacking Law
Yesterday, the Michigan Senate Judiciary Committee passed a bill – S.B. 0927
[http://www.senate.michigan.gov/committees/files/2016-SCT-JUD_-09-20-1-01.PDF] –
that forbids some forms of vehicle hacking, but includes specific protections
for cybersecurity researchers. Rapid7 supports these protections. The bill is
not law yet – it has only cleared a Committee in the Senate, but it looks poised
to keep advancing in the state legislature. Our background and analysis of the
bill is below.
In summary
Public Policy
Rapid7, Bugcrowd, and HackerOne file pro-researcher comments on DMCA Sec. 1201
On Mar. 3rd, Rapid7, Bugcrowd [https://bugcrowd.com/], and HackerOne
[https://hackerone.com/] submitted joint comments to the Copyright Office urging
them to provide additional protections for security researchers. The Copyright
Office requested public input [http://copyright.gov/fedreg/2015/80fr81369.pdf]
as part of a study on Section 1201
[https://www.law.cornell.edu/uscode/text/17/1201] of the Digital Millennium
Copyright Act (DMCA). Our comments to the Copyright Office focused on reforming
Public Policy
New DMCA Exemption is a Positive Step for Security Researchers
Today the Library of Congress officially publishes its rule-making for the
latest round of exemption requests for the Digital Millennium Copyright Act
(DMCA). The advance notice of its findings
[https://s3.amazonaws.com/public-inspection.federalregister.gov/2015-27212.pdf]
revealed some good news for security researchers as the rule-making includes a
new exemption to the DMCA for security research:
“(i) Computer programs, where the circumvention is undertaken on a lawfully
acquired device or