The victim's acting is terrible, and this is _nowhere_ near as easy as it's depicted. For those wondering, this attack shown here involves using a pickle exploit to serialize malicious code that when submitted to a server, pipes in a backdoor for a remotely executable reverse shell. There is _no way_ they hacked a legitimate car manufacturer's telematics server to do this. That would require either permission and granted access (which would make this 'hack' a literal joke), or a massive amount of OSINT entirely predicated on the attacker knowing about the server's serialization vulnerabilities and them existing in the first place. On top of that, being able to identify and pinpoint a certain subnet IP for one specific victim would be like looking for a needle in a haystack, unless it was known beforehand, which would otherwise have required the attacker to have been in close physical proximity to the vehicle at some prior point in order to sniff its IPv4 or IPv6 address. This was obviously set up, likely by using an aftermarket telematics device that was plugged into this vehicle's CAN-BUS system and configured to connect to a server that they had access to and controlled.
@Krompopulous Michael I know he's right but I wanted to provoke extra info didn't work sadly
also this is not hacking 101 I wanted more depth I have been in the field for more than 4 years yet there are few points that I didn't fully wrap my head around wished for a paper or article but yeah
@Krompopulous Michael so you know how to actually hack a car telematics server ?? that's really dope would you mind sharing any stories articles or books that helped you in the past to exploit a car manufacturer???
I don't think this is 101 hacking or maybe I'm that dumb and everyone is doing it easily
@Krompopulous Michael I don't know why but I can't seem to find other comments I posted
but as I already stated I did it so he gets baited to prove me wrong this works more than a simple question in the internet
deleted cuz I watch the vid also your comment explained to me he meant the general concept I misunderstood what he was pointing at and also my tactic didn't work so it was useless to keep it
@Krompopulous Michael in another comment I posted the paper they used to copy paste this demonstration the comment was deleted but it's by Miller & Valasek they already published all their work but I can't post it it seems my comment will be deleted again such a bad tactic by this channel to censor people from exposing them
@@ko-Daegu What did you want to know, specifically? And no, you couldn’t pay me enough money to risk jail time trying something like this. So forget about trying to ‘bait’ me with troll comments. I _have_ a code of ethics, unlike krombopulos michael, who will kill anyone, anywhere… children, animals, old people…doesn’t matter. He just loves killin’!
I haven’t read the paper you’re speaking of, and don’t need to. The methodology is fairly apparent on its own. Doesn’t take a skilled hacker or anything beyond rudimentary coding and network knowledge to figure it out, no offense. In fact, all of the information you need to understand how this is done is freely available on the internet in introductory textbooks and forums such as stack overflow. I’m not even an IT professional. This isn’t my day job and I don’t possess a degree in anything computer related. Programming and networking is just something I’ve dabbled in on the side for the past several years. And I’m not a black hat.
Regardless, we live in a day and age where understanding the nuts and bolts of something like this isn’t even completely necessary to accomplish something along these lines. Heck, nowadays, your average script kiddie can use automated frameworks like metasploit that will do the OSINT and payload deliveries for you. Honestly, and I mean no offense by this, but if you were having any amount of difficulty wrapping your head around anything written in my OP, you shouldn’t be dabbling on the dark side. You’re going to get yourself caught and when you do, face prison time and/or financial restitution. It’s not worth it, and besides, what would be the purpose? So you can hijack someone’s CAN-BUS and put their lives at risk, as well as the other people around them? If you’re after ransom, your average person doesn’t even _have_ crypto, let alone enough to make it remotely worth it, no pun intended. As they say, play stupid games, win stupid prizes. If you want to learn and test your mettle on safe (and legal) platforms, there are plenty of free options out there for exactly this purpose. As Michael mentioned, hack the box and DVWA to name just a few.
Give the code file!
is not fake bro it's real bro this in Israel
We know it’s real, we’re asking for the python script.
Cough the script I don't wanna search for a pickle script lmao
why not write your own exploit script .
Cool buddy 👍🏻
From Malaysia 🇲🇾
If only they did not show the screen, it would be more convincing that the guy is a professional hacker
Which magical python script is he running
But you can't just exploit a remote server with just one command 🤔
everything is possible in Israel 🇮🇱
They aren't showing you the full thing obviously
well yes if all the commands needed are scripted into one executable as it is clearly done here. ----> Automation
Ok I just won’t get a car with folding mirrors
I want to learn. Will you please give some hint where I can learn?
Forums, google, just search and someone will tell
In your dreams, lol it's not as easy as it would seem, I can't say for sure because I have never attempted it, but I could imagine it would be a hassle, also you'd likely end up in a jail cell if you did take control of someone's car without permission of the owner, so there's that too
this looks so fake
2:24 Mirrors are closed
2:37 Mirrors are open
It’s Fake!
@Eden Peter do you mean phishing? It’s not Hacking, it’s scamming.
It's scripted..
It is
This is why I daily drive a 1988 Mercedes and a 1996 Miata. All mechanical. Can't hack those
Hack the BMS over load the battery and lock the driver inside.
How to do that
Homie is bashing that enter key.
Also.. this does not seem real.
It's real.
So if you install a malicious update on a computer (even though it's a driving one) with full privileges, you can bring the computer to do malicious stuff? Shocker!
Maybe do a video next time where you 1337 h4x a laptop, by downloading a virus and installing it onto the laptop with admin privileges, it's crazy that it can access your webcam and shut down suddenly!
please spanish subtitles!
Are you using just a command or python you downloaded to your Computer? Thanks
Which language u
You used please tell
It looks like a Python file. The first few seconds you can see the file is saved as a .py
. Py
I have never seen a man so genuine as this guy🔝he’s really a man of his words ❤️
Hahahahahahahahaha😅😅😅😅 I'm going to play a prank on the neighborhood
You are not fooling anyone with this
This is fucking hilarious
good Israel
I'm going to give this video a dislike while I still can.
Wonder if this is going on GitHub 😹
Wow this sounds like what happened to me
Really?
That is very god
My father!