TRAINING: CAN Hack! Hands-On Automotive Security Training

Please note that this is an optional training, and not part of the regular conference agenda!

Jonas Magazinius (Assured AB) offers an automotive security training called “CAN Hack!”, aimed at anyone interested in the security of connected vehicles. The training combines theoretical lectures with hands-on challenges against a physical, simulated car. Participants will learn how a modern vehicle communicates internally (between components) as well as externally with the driver, passengers and remote services and how to exploit vulnerable or weak implementations of security concepts. The training is designed to be delivered as a one-day workshop with theoretical and practical parts in an interactive fashion. The day is ended with a hands-on, CTF-style series of challenges and a race for the win! Participants will be given a virtual machine with all the necessary tools and configuration needed to connect to the challenge platform, named “CyCar”. This device tries to simulate a vehicle infotainment and telematics system, often available in modern vehicles. Participants may be grouped in pairs depending on the availability of CyCars. Target audience This course mainly targets developers, architects and students working with automotive solutions but fits anyone with an interest in automotive security, hacking and embedded system security. Attendee prerequisites Participants are required to have a basic to good understanding of networking and basic Linux commands. A basic understanding of binary and hexadecimal notation is recommended. A basic understanding of cryptography is helpful but not mandatory. A basic understanding of embedded systems is helpful but not mandatory. Required material (not included) Participants need a laptop with adequate specifications and administrative rights in order to launch a Virtual Machine with the lab environment. Corporate laptops with mandatory VPN settings are not recommended since they often subvert the lab network. What you will learn The training will touch areas such as: Automotive security concepts CAN and serial bus communication The basics of vehicle ECUs Embedded security Cryptography Vehicle on-board diagnostics (OBD) Vehicle telematics API and application security Car hacking tools

Presented at Security Fest 2019.

Speaker: Jonas Magazinius

Please note that this is an optional training, and not part of the regular conference agenda!

About Jonas Magazinius

Jonas Magazinius

Jonas Magazinius is a security specialist and researcher who spans both security in theory and in practice. He has worked professionally with security since 2003, and holds a Ph.D. in Computer Science with focus on application security. He has been involved in several automotive security research projects over the last several years, including HoliSec, HeavenS and most recently CyReV.

Get all relevant information and news regarding Security Fest, when we release recordings of talks, etc.