However, in most of our penetration tests, we've found the Head Unit maintains connectivity with the TCU over a hidden wireless network that doesn't broadcast its ESSID. It goes without saying that this depends on the implementation by the manufacturer. This architecture is quite common across OEMs.įigure 1: Head Unit (HU) connectivity in the in-vehicle network In-Vehicle Terminology and Network Architecture The concept here is a step-by-step process that should be followed by first starting out with intelligence gathering, reconnaissance, vulnerability analysis, exploitation, post-exploitation, then finally, reporting. I personally subscribe to the P enetration Testing Execution Standard (PTES). While your overwhelming desire may be to immeditely jump into Metasploit and start "pwning" I want you first to take a step back and realize that no penetration test should be performed without first having a modus operandi (read: methodology) before doing anything. side of me and talk a bit about methodology before we jump right into "pwning" cars. Retail: $420.00, Duck Antennae: $6.00 eachīefore we do anything, I want to explore the O.C.D. Make sure to pick up (2) duck antennas on Amazon. I will explain the differences in later articles, but for now, you'll want to pick up a BladeRF (the x40 will suffice just fine). That said, we will cover some of the items you'll need in your kit as we go through these tutorials and videos over the next few months.īladeRF: No -, not HackRF, but BladeRF. Unfortunately, the fact of the matter is, if you want to get into connected car penetration testing, your lab and "jump kit" is going to be more expensive than a traditional penetration tester targeting computer networks instead of in-vehicle and v2x networks. I then go on to explain what a rogue base station is as we begin to build our jump kit for performing penetration tests of head units and TCUs.
#Postknight pets wik series#
In this first article to the series I explain in-vehicle network architecture, how the infotainment system ("head unit") communicates with the telematics control unit (TCU), and how the entire in-vehicle network ecosystem is structured.
As a harbinger to my upcoming book, I'm publishing a series of articles I'm calling "The Hitchhiker's Guide to Hacking Connected Cars." “Abashed the devil stood and felt how awful goodness is and saw Virtue in her shape how lovely: and pined his loss” ― John Milton, Paradise LostĪfter four years of research and culling together lessons learned from over two dozen penetration tests of telematics control units (TCUs) head units and speaking at connected car conferences in the US, Germany, Sweden, UK, India, and Japan, I have been picked up by a book publisher to author the first book on hacking connected cars, which will hit the book shelves around the world in early 2018.
0 kommentar(er)
