TyphoonCon
  • About
    • About Us
    • Venue
    • Sponsorship
    • Press
    • Code Of Conduct
    • Contact
    • COVID-19 Regulations
    • Past events
      • TyphoonCon 2022
      • TyphoonCon Capture The Flag 2021
      • TyphoonCon Capture The Flag 2021 Write Ups
      • TyphoonCon 2020
      • TyphoonPWN 2020
      • TyphoonCon 2019
  • Conference
    • 2023 Speakers
    • Call for Papers 2023
  • Training
    • Introduction to hard target internals
    • Attacking the Linux Kernel
  • TyphoonPWN
BUY TICKETS

“How Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and many other, came to light”

About the trainer:

Sam Curry is a Staff Security Engineer at Yuga Labs and the founder of Palisade. He runs the blog “samcurry.net” where he shares security research and collaborates on group hacking projects.
 

Talk overview:

In early September, we made it our goal to find as many vulnerabilities in as many car companies as possible. Over the next few months, we were able to remotely start/stop, lock/unlock, flash lights, open trunks, and honk the horns of all smart-enabled Toyota, Nissan, Infiniti, Genesis, Honda, Accura, and Lexus vehicles.

We gained intimate access to the internal networks of BMW and Mercedes-Benz, being authorized as fully permissioned SSO users with access to dealer portals, Github, Slack, and hundreds of mission critical applications.

We found systemic access control vulnerabilities affecting telematic and fleet-management companies, allowing us to dispatch and track police cars, ambulances, and truckers. Join us as we discuss our findings as web hackers attempting to hack the auto industry!

The talk would go into the methodology, research into automotive security and our outlook for future automotive security.

BUY TICKETS
  • Facebook
  • Twitter
  • Linkedin
  • Email