Radio Hacking: Cars, Hardware, and more! – Samy Kamkar – AppSec California 2016
Radio Hacking: Cars, Hardware, and more! – Samy Kamkar – AppSec California 2016
Watch Samy most recent talk on Browser Manipulation https://www.youtube.com/watch?v=K1T_miPTvPA
In this talk I’ll introduce radio hacking, and take it a few levels into hacking real world devices like wirelessly controlled gates, garages, and cars. Many vehicles are now controlled from mobile devices over GSM and the web, while even more can be unlocked and ignitions started from wireless keyfobs over RF. All of these are subject to attack with low-cost tools (such as RTL-SDR, GNU Radio, HackRF, Arduino, and even a Mattel toy).
We’ll investigate how these features work, and of course, how they can be exploited. I’ll be going from start to finish on new tools and vulnerabilities in this area, such as key-space reduction attacks on fixed-codes, advanced “code grabbers” using RF attacks on encrypted and rolling codes, exploiting mobile devices and poor SSL implementations, and how to protect yourself against such issues.
By the end of this talk you’ll understand not only how vehicles and the wirelessly-controlled physical access protecting them can be exploited and secured, but also learn about various tools for hardware, car and RF research, as well as how to use and build your own inexpensive devices for such investigation!
Samy Kamkar
Samy Kamkar is an independent security researcher, best known for creating The MySpace worm, one of the fastest spreading viruses of all time. His open source software and research highlights the insecurities and privacy implications in every day technologies, from the Evercookie which produces virtually immutable respawning cookies, SkyJack, the drone that wirelessly hijacks other drones, and KeySweeper, a wireless keyboard sniffer camouflaged as a USB wall charger. He continues to release new tools and hardware, for examples most recently the ProxyGambit, OpenSesame and ComboBreaker tools.
–
Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project
I definitely need to hear about this bc it’s been a problem with this in my on life … thank you so much for this
Gone in 8 seconds
it was a nice presentation. I am little curious about the questions end of the presentation. bt thanks for the knowledge .
Now this is some useful information
⬆️⬆️⬆️⬆️⬆️⬆️⬆️
For a legitimate experience💯
*THANK* *YOU* *SO* *MUCH* *D* *U* *D* *E* 👆🏼 *FOR* *GIVING* *ACCESS* *ME* *INTO* *MY* *MAN’S* *PHONE* ..
Funny little joke at 19:20
in the old days my dad had a garage door opener that had a roller switch where you could just stand in front of whatever door hold down the button then roll the switch back and forth till it opened it took seconds
I will never rely on gps again. Holy.
This will sure help the bad guys. They must love you 👎
im glad your on our side
Sir how my thinking hacking by radio frequency, becoze when ever iam thinking inside me my formor church pepole (hackers) sending same recomondations in youtube,in 2016 i sleep in church premisis i experience some eloctric shock in my right side belli area,then iam manuepulated by them i canot live myself no privasi to i feel so bad plz replyto my comment.
hazadhackha_ is that guy, how he gave me an original certificate even with my lapses in school is beyond me, but I have a solid job with that certificate, safe to say it worked, I shouldn’t have said that, oops but I’m Anonnymous who would know? Hahaha .
im glad your on our side
some one just hacked my key fob yesterday and remote started my vehicle. 2 hours later they also unlocked the doors while i was inside a restaurant. How do I protect against this?
he should of called the method "jam roll"
What if someone sent a random video to my phone. And when that video was finished it was gone. With no trace. It looked like a YouTube video but didn’t show up in history. How do I find out who sent it?
They did my own perfectly within some minutes he’s just so good in this.
whoa dude do you see that door behind him marked pirate, you think a pirate live in there???????????
Fbi planes have now pivoted to drones and there’s prob 60 drones from the once 2 planes. I can see the hertz from these drones via naked eye
Can track and trace my stolen phone?
They did my own perfectly within some minutes he’s just so good in this.
Fascinating. Great job on the presentation. Ten stars
Locking scooters is what makes dangerous interference to then throw u off . Had fun for while but sinister as fuk
Code monkey shout out!! Cool
They did my own perfectly within some minutes he’s just so good in this
Boring and does not hold attention, annoying voice and i wanted to get into the topic and the info but this presentation is just boring useless garbage… 20$ something device… gone in 60 seconds bla blah blah like what are you trying to talk about here… get your shit together guy…
if your friend would read the manual of his car he would find the information as well. without even knowing what FCC ID stands for…. 😕
Check out AM frequencies 666 upwards ….you can hear these demonic creatures through the white noise
After 9 years of my graduation, I came to know why this subject was in Computer Science and Engineering in India.
They did my own perfectly within some minutes he’s just so good in this.
Can u hire my chain saw, go ruuuwwwtttt
I wish that you repeated the questions. So I could understand what you were responding to.
*THANK* *YOU* *SO* *MUCH* *D* *U* *D* *E* 👆🏼 *FOR* *GIVING* *ACCESS* *ME* *INTO* *MY* *MAN’S* *PHONE* ..
Samy is gonna wreck the car
Revert back to key only. Could cc TV recordings be compromise by external player’s . What’s safe !
They did my own perfectly within some minutes he’s just so good in this
Why not just try every code within an address space of the rolling code, e.g., 16 bits then 65,535 codes? May take a few minutes but the end goal is to get in the car. Unless the car companies require a maximum number of tries before a time period is needed to try again.
I was really hoping to learn how the author of "Runaway General" was killed.
Awsome
They did my own perfectly within some minutes he’s just so good in this.
45:50 “does Chrysler also have…” best part of video 🙂 dyed laughing
Good thing my phone has Probe attack protection built-in.
They did my own perfectly within some minutes he’s just so good in this.
Question Samy! If I am searching for a vehicle that was involved with a freeway "roadrage" murder, and I have the make, model, location and time, could you help? It’s a long shot but the vehicle would have been equipped with onstar.
As soon as you started explaining that you were cutting the pauses between the signals I said to myself "we can use superpermutations here"
Really good one, thanks.
Bad Ieutenant POCNO Lizardz
They did my own perfectly within some minutes he’s just so good in this.
What do you know about things that cause this buzzing in your ears? Im on this for some reason. Can you help me? What if someone is misusing devices and hurting people.