Skip to main content

Distinguished Seminar:  Remote Exploitation of an Unaltered Passenger Vehicle

Date:October 12, 2015 
Talk Title:Remote Exploitation of an Unaltered Passenger Vehicle
Speaker:Chris Valasek, Security Lead, UBER Advanced Technologies Center
Time & Location:12:00pm - 1:00pm
DEC, CIC Building, Pittsburgh

Abstract

Although the hacking of automobiles is a topic often discussed, details regarding successful attacks, if ever made public, are non-comprehensive at best. The ambiguous nature of automotive security leads to narratives that are polar opposites: either we're all going to die or our cars are perfectly safe. In this talk, we will show the reality of car hacking by demonstrating exactly how a remote attack works against an unaltered, factory vehicle. Starting with remote exploitation, we will show how to pivot through different pieces of the vehicle's hardware in order to be able to send messages on the CAN bus to critical electronic control units. We will conclude by showing several CAN messages that affect physical systems of the vehicle. By chaining these elements together, we will demonstrate the reality and limitations of remote car attacks.

Speaker Bio

Chris Valasek is a Security Lead at Uber’s Advanced Technology Center (ATC) in Pittsburgh. Valasek is regarded for his work in the automotive security arena. Most recently, Valasek was lauded for the remote compromise of a 2014 Jeep Cherokee, whereby he and his research partner obtained physical control of the vehicle. Valasek specializes in reverse engineering and exploitation research. Chris has a B.S. in Computer Science from the University of Pittsburgh and is the chairman of SummerCon, America’s longest running hacker conference.