Look At What My Car Can Do

Video in TIB AV-Portal: Look At What My Car Can Do

Formal Metadata

Look At What My Car Can Do
Title of Series
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Release Date

Content Metadata

Subject Area
This presentation is an introduction to the new world of automobile communication, data and entertainment systems, highlighting the Ford Sync System. The Ford Sync System is a remarkable technological advance that has changed the automobile industry. While hard drives have been used in automobile entertainment applications for some time now, the Ford Sync System is different. It allows the user to interact with the car's communication system in a brand new way. If a vehicle with the Ford Sync System is used to commit a crime or to hide data, how would examiners be able to determine what data might be contained in the Ford Sync System? How does it get there? What forensic process or type of exploitation can be used to determine what traces are left behind on the car's hard drive? This presentation will take the audience through the process of various methods of infilling, hiding, acquiring data, and conducting a forensic exam on the Ford Sync System.

Tyler Cohen is known in the digital forensic community for her work with forensics on alternate media devices and has given presentations at conferences all over the country on the topic, including the Defense Cybercrime Conference, High Tech Crime Investigation Association, Defcon, TechnoSecurity, Technoforensics, and the California District Attorney Association. She has co-authored a book entitled Alternate Data Storage Forensics (ISBN-13: 978-1-59749-163-1) and was featured in Best Damn Cybercrime and Digital Forensics Book Period (ISBN-13: 978-1-59749-228-7). She currently works for the Department of Defense. Prior to that she worked for General Dynamics, assigned to the Department of Defense Cyber Crime Center (DC3), where she was a lead digital forensic examiner. Here she used her expertise in intrusion analysis and major crimes to successfully complete digital forensic exams. Before joining DC3, she was employed at ISS/IBM as an emergency incident responder and forensic examiner, where she also showcased her expertise in intrusion analysis, major crimes and PCI standards. Prior to that, she worked for NASA as a Computer Forensic Examiner under the computer crimes division for the Inspector General.
So what we're going to do, since you guys were so cool, we're going to kind of turn this into a drinking game. So Digi has brought some booze with him; we're going to kind of pass some of it out as much as we can. Every time I say the word "um", you have to drink, and I say "um" a lot. Do you want to just, like, pass them around? But you can just... alcohol kills all the germs. So whoever has it, you just keep passing; whoever has it when I say "um", you have to drink. Oh, thanks. Actually, I'll get with you later, because I am interested in then. So my name is Tyler Cohen. This presentation is "Look At What My Car Can Do". Um, I want to give a special thanks to Ben, Joel, markrob, Pietr, Zak, Matt, Kate, Maddie and Charles. Now, some of these people know that they helped me; some of these people do not. So you'd be kind of surprised at how many people I asked if I could rip apart their cars and they said no. Like, it's for science, come on. So we had to come up with creative ways to get access to these cars. This car that I'm standing in front of is a Ford Fusion 2011, and in one of the photographs there's a little hint from where that car came from. If any of you guys can see the hint, pick up on it and say where that car came from, Zach over here will buy you a beer. So just call it out when you see it, but it's in one of the photos. All right, so
this is a disclaimer. Yes, I work for the Department of Defense. This presentation reflects my own views, not any of those of my employer. Anything that I show in here or talk about, potential things that you can do, I take no responsibility if you happen to void your warranties. I also unfortunately had to tailor my presentation at the last minute; I didn't want to get fired or sued by Ford. So there are things that I'm not going to be able to say, but I can hint to them. So I'm going to give
you an overview. Just a quick introduction: we're going to talk about the technology, avenues of exploitation, resources, and then the future. So also, I
am a... I've had about 10 years of experience doing digital forensics. I've worked for the Department of Defense Cyber Crime Center, IBM, NASA. Everyone's like, "What, you did forensics for NASA? What, were you, like, going after people from Uranus or something?" Oh, sorry, I think that was funny; it never gets old either. But so that's what this presentation is going to be geared toward: it's going to be geared toward a forensic analyst and what they can get from these cars. But also, as a user, you have to understand that there's information that you're putting out there on these cars that is giving away stuff about you. So cars are not just for transportation anymore; they are now becoming entertainment centers, communication hubs. These vehicle systems now store and stream digital content, and they're used as communication mediums. So it's not like the old days where your car was just your car. This is now, you know, in today's world, people want to be connected to their social networks, they want to be able to find everything, they want access at their fingertips, and they should. I do too. So
manufacturers are coming up with really innovative ways to market and sell vehicles. Emphasis has been on technology integration, and Ford has been leading the way since 2007 with the inclusion of the Microsoft Sync system in its vehicles. So I kind of look at Ford as what Apple did: how Apple reinvented the digital music players, Ford is paving the way for cars. So their systems are much more advanced than any of the other systems. So what are the designers thinking when they're designing these cars? Obviously they're concerned about safety, but aside from safety, Ford is really, really, really concerned with digital rights management. Now, since they're using the Microsoft OS, we know that it's Microsoft DRM technology. Now, I bet you there's some of you in the audience who are experts at DRM vulnerabilities and cracking and know a bunch of research that applies to that, but basically what I'm saying is that the Microsoft DRM is vulnerable in ways, in any way that Microsoft DRM would be vulnerable, it's vulnerable in this capacity too, because it's using the same technology. Designers are also thinking about connectivity, user to user and car to car, ease of use (you just want your stuff to work), and reliability. So what do I mean by connectivity? Cars are really concerned with users connecting to their users' stuff. Your gadgets and their functions are being integrated into your driving experience. So I want my content and I want it now. I want all my music that's stored in the cloud and I want to be able to access it wherever I am. I want to be able to connect my phone and have it stream all of my information. I want to be able to use voice dialing. I want it all just there, I want it to be easy. And then you also want to be connected to your user environment: you want to have your social applications available to you, and you want your car to do it. My car, why shouldn't it give me the cheapest price of gas? Why shouldn't it tell me happy hour specials? My brother Zack over here, he likes
using social applications to look for hot chicks and dudes. He puts it up, the augmented reality, and he said he can see, you can see how far away a hot chick is from him, and he can chat with her; he can say, "Yeah, I'm going to check in, and I'm going to check in with you, and let's meet up." Why can't your car do that for you? Ease of use: your stuff should just work. I mean, most of us are pretty lazy; we just want our stuff to work. We buy it, we spend a lot of money, there shouldn't be any issue. So the car companies are moving toward driving not interfering with your social life and things just working. That means more automation, more integration and more inner... interoperability. That's a tough word. Well, what exactly... exactly. So what does that mean for us? Well, the more automation, what is that? That means the more vulnerabilities and more vectors of attack. So these are things that I want us to just kind of be keeping in our minds. Reliability: again, they should just work. There have been some complaints with the Ford systems that I've been reading on the forums, and then from people who actually have these cars. There's complaints that the car's entertainment system reboots while driving, which is kind of a problem. Actually, not all of it, as you're going to see in a second, not all of it is. Changing songs shouldn't take 15 seconds, and stored data should be accurate. I know that you guys are all familiar with that story; I don't know if it's a true story or not, but a woman had her... was using her GPS, caught in her GPS data, and it essentially told her to drive off a cliff, so she did, and she died. I don't know if that's true or not, but basically you want your data to be accurate so stuff like that doesn't happen. All right, so what are users thinking? They're thinking: we want safety, again, ease of use and connectivity. Something that they should be thinking about is confidentiality of their data. There's a lot of data that I'm going to show you is actually stored on these devices. They need to
be thinking of, you know, a friend could come into their car and get their data if they have devices set up for that. These devices have remote access now, they have wireless on them, there's Bluetooth, or a forensic analyst, you know, could come in and take, get your data. So they really need to be cognizant of
what's being put on there. So, you know, if there's photographs or things on there that you don't want to be found, just don't put them on there. I mean, simple as that. What are hackers thinking? Well, what do hackers do? They make something do what it's not meant to do. So some things that have actually happened, some things that are going to be happening probably in the future: controlling the car remotely, so using the wireless that the communication system is connected, and that's been proven, I believe, at this conference. And then there was a study, a school study, where they've dealt with the tire pressure. It's been proven that these communication systems are connected to the car's onboard computer, so it is very possible to get a piece of malware, get it in through the communication system on the car, and then control the car: you can stop it, start it, really whatever you want to do. So hackers, and hackers, good hackers, black, white hackers, are both thinking about protecting or stealing personal data. So again, there's a lot of data that you have on this device. You really have to think of these devices like a computer: anything you wouldn't want to put on your computer, you don't want to put on your car. Side channel comms: these cars can be used as communication devices when speaking to other cars, and I'm going to show you at the end of this presentation the IntelliJ I, and cars are broadcasting Wi-Fi coordinates, and essentially you can use this for communication. You can use the Bluetooth for communication, you can use the wireless for communication, and you can do these in such a way that your traffic is not necessarily going to be intercepted, and I'll let you guys kind of ponder that one. Use these cars as peer-to-peer devices: share your music, share your content. Um, surveillance: I can get something in the car so that I can monitor the car, I can see where it's been. Um, there's... so that's surveillance, or again, you know, just using it like Zack's going to do, to just find hot
chicks. It could also be used, these vehicles, for propagating viruses and malware. So my vehicle, get it, vehicle for propagation, because it's a vehicle? Yeah. So you can use this car, and this car can actually be a virus that is infecting other cars as I drive past it. These are just potential things for the future, but not that far off in the future. And then forensics, which is where I kind of come into this, and that's where the rest of this presentation is going to kind of go. What... if anyone has any questions, please just jump in. Um, so what is stored on these devices? Now, these systems can store navigation data: where you've been, where you're going. I can save track data, save locations, previous destinations, which is a good thing too, because you kind of have to find that mix between privacy and then usability. I personally like it saving my data, because then that way I don't have to type it in, because I never remember addresses and it's just already there. All phone-related information: when you pair your phone up, it's going to save the Bluetooth MAC ID, pretty much most of the information on the phone: your contacts, call logs, SMS messages, call history, saved numbers. That's going to be maintained. So hint: if you rent a car from, like, Enterprise, Hertz or whatever, and you pair up your phone, just make sure you delete the profile. It's not going to be completely gone, but at least it'll make it a lot harder for someone to get your data. Music files, image files: the Ford SYNC generation one, you can put 32 files, 32 photos on the car. User voice profiles. Information about the car: potentially, this is kind of now, kind of future, stats on how am I driving, do I speed, all that kind of good stuff. Previously connected USB devices, wireless access points, where you've been with the wireless, and then in the future, like I said, the driving habits. And if anyone can think of more that I would miss out, just let me know after,
because there's a ton of data that's contained in those cars. Okay, so
as a forensic examiner, you know, why would I care about photos or songs? Well, these photos... oh, sorry, by the way, Zach, I raided your music collection. You don't mind that I borrowed your Ace of Base, do you? All right, so you think that that's just an MP3 file of Ace of Base. It's not: it's stegged with Zach's ways to pick up hot chicks. Just a regular photograph; by the way, is that the cutest dog you've ever seen in the world? Yeah, he is, like his little mohawk, baby. So that's a steg photo as well. So, or child porn images, malware, really anything that you want to hide in there, because if you upload any one of these files, whether it's steg or you've manipulated it, as long as the header and footer are going to match, the car is going to accept it in. So you can use it as storage. All right, so these are two
pictures of vehicles. They're embedded, fully integrated systems with the vehicles. There's two different styles that I'm showing you right now in the first generation. The first is a Ford Fusion 2011 without the navigation system, so you can see it's just kind of got the little, uh, the little teeny faceplate on the radio, and then you've got the full navigation system. Now, the navigation also gives you the ability to store data. Without the navigation system, the only way you have the ability to store data is on the flash ROM chip in the SYNC module, which I'm going to get to a little bit later. But that's kind of what they look like. That's, I think, a Ford Edge 2011. Yes? Oh, no, no, no, no, it's much more subtle, and it's later in the presentation. But, you know, this free beer means you have to sit and talk with Zack for a while, but maybe he'll go over his rules of finding hot chicks. So the first
generation: Ford started doing this in 2007, and first generation is to 2011-ish, maybe 2012-ish, because some cars still have this; some cars are moving on to the second generation now. There are two separate components. Yes? Now, reader, that's... there is that potential, but that's coming up in the end of the presentation; that's gen 2. So this is still the gen 1. But, um, so it has separate components. On the head unit, so you have a... well, we'll get deeper into that. It's got storage, it's got a hard drive in it. The second generation, some of the 2011s already have it, but it's really going to be the 2012s and 13s and up, it's a single integrated unit. So the SYNC module and the nav system are all going to be in one. And the storage: some of them will still have hard drives, but they're moving away from hard drives as storage. They're going to have an SD card that has a software lock on it, and external USB storage and streaming for your data. So they're moving away from them having the integrated mass storage. Both of these generations are updateable through USB, which is going to be important later. All right, so the first generation, which is what you probably see on the road right now: the SYNC module, the operating system is Microsoft Automotive, and it's a Windows CE-based operating system. Data is stored in this module's chip, which I'm going to show you a picture of later. You can get all the phone-related information, music indexes, user voice profiles, and then there's a couple of other little stuff that's going to be in there too that could be relevant or might not be relevant too, but it's stored in this NAND flash chip. The head unit, which is the nav system, it contains... it's got the Micra operating system, it's Clarion VxWorks. And the way that we first found out that there were two different operating systems on the nav and on the SYNC module: we took the SYNC module out of the car and the navigation system still works. We're like, huh. So that's kind
of... that was a hint for us that there were two different operating systems. It's got a 40 gigabyte PATA hard drive with a TPM-style protection on it. Data stored: you can get music files, photos, navigation data. So
this is the inside of the SYNC module. You can see where the little arrow's pointing; that's the Samsung NAND flash. Now, when you open these up, it doesn't mean that in every car you're going to have a Samsung NAND flash; it could be a different manufacturer. It just kind of depends on where that car was built, but it's going to be in roughly the same place and it's going to work the same way. So again, this is going to contain the Microsoft operating system, previously paired Bluetooth information, contacts, call logs, SMS messages, phone history, saved numbers. So it is of relevance if you're a forensic examiner. If you're trying to hide the data, it's also of relevance, because you don't want it to be accessed, so you want to, again, delete the profile or wipe it or whatever. Now, I don't know how many of you guys have done a lot of work with doing forensics on NAND flash, but it's not fun. So what you have to do
is, there's a few ways you can do it. As you saw, there's a spare USB port on this
device that you could try to acquire the NAND flash from. We actually didn't do that, so I don't know. There's also the JTAG ports right over here,
kind of at the bottom, you can see them. We also didn't do that. What we did was, we...
what we... not what we did, because we didn't do anything necessarily, remember, hint hint, but what could be done is you could take the chip, you could remove it, put it in this flashback device, stick it in one of the sockets that it fits, and what's going to happen is it's going to spit out a binary file. And for those of you who have done any forensics on the NAND flash, it's kind of a pain, because the way that it works is you have the wear leveling, which is going to be different for each chip manufacturer, but you can still figure it out. So for this one, you have, every sector on the flash chip can be written over only 10,000 times. So what's going to happen is you're not going to have consecutive sectors, and there's going to be, I've always forgot if it's a 4K chunk or if it's a 16K chunk, that has a numbering sequence. So it's a numbered chunk right in front of each sector that tells you where that sector goes. So what you have to do is you have to get this binary file out of this thing, and you have to manually remove those chunks that tell you the number of where each chunk is, reorder them, and then you can pop it into any forensic tool; it'll just be a regular raw dd image file. So that's how you have to do it. Maybe it sounds complicated to you, maybe for some of you it doesn't, but it's really not that difficult. It sounds a lot worse than it is. So it is doable. So
removing the SYNC module. I had a lot of other pictures; I mean, we just tore these cars apart. And this one, actually, I got permission by my good friend Ben, who, I wish he was here. When I asked him if I could tear apart his car, he not only said, "Yeah, of course," he said, "I'll help you." So he did. And this is a Ford Edge 2010. The Ford SYNC module is located behind the center console. Really easy to get to: it's just held in place with clips, and then there's four screws, and you just remove it, and then you take the faceplate off, and then you have access to what I saw. Oh, one thing quickly with
this: when you pop out the chip to do the analysis on it, you're probably not going to get it back in. Just saying. You will void the warranty, and unless you're a pro with a soldering iron, you're not getting it back in. Sorry,
Ben. So this is the head unit. This is
this is the front of it. It's got, again, the 40 gig PATA hard drive. This one happened to be a Hitachi Endurastar. That doesn't necessarily mean that you'll have a Hitachi if you were to get one out or for you to buy the car; I think they just kind of use whatever they have in batches. This is going to contain, because it's generation one, navigation data, track data, breadcrumbs, saved locations, previous destinations and all your music files, which, as we know, could be steg files. So, acquiring the head
unit. So I'm going to go over a couple of techniques that will probably work, hint hint hint. Um, trick... just kidding. All right, so this is, we
remove the head unit; that's kind of what it looked like. There's also a picture that Ben wouldn't let me use, of Ben, like, standing there with almost a heart attack on his face that I ripped his car apart. And that's the back. You can kind of see on the second one where the hard drive was. You just pull it out; it's really easy to get the hard drive. Although I got to tell you, when you take the car apart, it's a lot easier to take apart than it is to put back together. So any of you who are
forensic analysts, you see this, you see that the drive's connected to a write blocker and I've got it into some forensic tool. Yeah, that's not going to work. Now, why is that not going to work? Because Ford is really concerned with digital rights management and protecting music being imported to the hard drive, so they've implemented this TPM-lock-style protection where the hard drive is essentially looking for a serial number on a module in the head unit, so in the chassis. So without that, it's locked, and it's really difficult to get around that, but it is doable. So for example, if the hard drive gets corrupt or breaks, Ford's just going to replace the entire chassis. They're not going to get stuff off your hard drive, they're not going to fix it for you; they're just going to give you a whole new head unit with a new drive. So you can't take this hard drive and put it in another unit and have it work. It just won't. Well, without some manipulation. So, ways to get around this:
Clarion maintains a master password that will help you unlock this device. If you can get to Clarion and you're nice to them and, not necessarily lie, but tell them what you're interested in doing, they might give you that master password. Just saying. Um, but if you're not nice, what you've got to do is you've got to find a way to get around the TPM-style lock. And how do you do that? The easiest way: you just keep the car running. You keep power to the vehicle, and then it's not going to be an issue. So there's a hardware component that is in creation; what it does is it connects the head unit, the hard drive and the laptop, so you could actually image this device. You can see in that map, it's a middleware component that keeps power to the car, so the car's still going, so you can just image it like you would normally image a drive. And that's probably the easiest way to do it. Now, my favorite way to do this, and
you might want to look at these pictures because they're interesting, hint hint. Um, maybe. Why do you say that? Yeah, and where's it from? Enterprise yet. You have no idea how hard it is to go to Enterprise and actually request a specific car. They don't do it. I mean, I eat, it took a lot of social engineering to just be nice and friendly and say, you know, I really am trying to buy this car but I want to test it first, you know, and woman was so nice she kept the car for me, hid the key in the fridge so no one else would get that car, and it was nice. I appreciated that, actually thanked her in the beginning. Um, so this is a way that actually is probably going, might be your easiest bet. This is up to M exploiting the update process. So you go to the Ford website, you update the latest file and you put it on your USB stick, and then you stick it in the car and you go through this update process that you can see that we're doing right here, and it's a CAB file. Now if you were to a beware, if you were able to get some code into this CAB file and still make it readable as a CAB file, you would be able to put software on the device that would allow you to exfil a drive through bluetooth or through the wireless. So I don't want to call it malware, because it's not necessarily malware, because the purpose of it is different. All right, it's malware. What, whatever. You know what, sorry, DoD, is malware. You can exploit this update process, customize this CAB file, put your malware on there that will then allow you to exploit the Bluetooth and use it to image your file, and that way you're getting around the TPM lock. Now
this way is kind of cool too. There's a guy in Florida, um, kind of a bit of a hermit, eco stole calm, and what he's done is he's created some hardware that you put on the back. It puts the system into a CAN diagnostic mode, and what he does is he flashes the radio with predefined options. So again, you could use this method: you could flash the radio with these predefined options, and some of those options you put on are, again, malware that allow you to access the car. And I am saying this because this is what a forensic analyst would do, but keep in mind that these are also things that someone with not so good intentions could do as well, so they could put stuff so they could constantly get access to your car
on the hard drive itself, I don't know, we haven't tried that. It could be something we're trying. So the second generation is going to be a little bit different. It's going to be a single integrated component, so the Microsoft Sync chip is going to be in the head unit, and they're getting away from the Clarion VxWorks, and the operating system for the nav unit and for the chip is going to be Microsoft office and, again, Windows CE based, so again, exploits that were going to work against Windows CE might work against this as well. They are moving away from having a hard drive. They're moving toward having all of their storage be an external USB drive or an SD card, and the SD card has a software lock protection on it. I haven't been able to get one yet, but I'm going to get one and play around with that. No one's drinking. I just said on come on dance. So they're also, they have a full suite of wireless products. You can turn your car into a wireless hotspot, you can connect to any wireless network that you want. Again, that information is going to be stored in the chip, so that's information that you can get access to as well. Saturday yeah drink how come to visit or someone drink it's all you drink all right all right
so this is the second generation, 2012 Ford Explorer with the second generation system, and I thought that I was being a master social engineer here. I thought I was being so smart. So we dress up, we go to the Ford dealer and I started asking them all kinds of questions, pretending like I'm going to buy the car, and asked if I can take pictures of stuff so that I could show you guys what's going to be there. I should have known that the true social engineer masters are car salesmen, because if my husband hadn't been there with me I would have walked out with that car and an eight-hundred-dollar car payment, because my car is still in the lease. Yeah, I hate, they're like, what can I do to get you in this car today? And I've got stars, I'm like, anything. Yeah, that was, but that car is really nice, really nice. So again, this includes the SD card
in the center console, you can see it. This is the Ford Explorer 2012 resist the F-150 we explore. Okay, it's got two USB ports. Oh, that's important to note too: the USB ports are not connected to the head unit, the hard drive, so you can stream stuff from it but you can't use them as a points of doing a forensic acquisition. And this is important to note too: the only way that you can get information on to the hard drive, the photos, currently is through the CD. But then again, using some of these methods that I spoke about are ways of cracking that, so that you can get your music on there through bluetooth, through wireless, if you put that piece of malware on there using those other methods. It is, yeah, it is. You say that language. It is, 44 has attempted to firewall it off, but, and I'm saying Ford, Ford is really leading this, they've really thought of a lot of things, but GM hasn't, Dodge hasn't, and as pretty much everyone in this audience knows, you can find ways to get around the firewall, but at least they're making an effort. So you can see on this SD card case, this contains the maps. It says on there this card is write protected, it can't be used in any other system, so that just kind of shows you also it's software protected. But then I, I had my boy like, there is no information about this stuff on the internet. There just really isn't. So we had to do a lot of work. We had in Ford for dealers know nothing about this because they ship out the systems to Clarion or to some other radio manufacturer and they just bring it back. No one fixes them. So we, I had to work my way through Ford dealer to a radio manufacturer to Clarion and to Ford, finally the Ford engineers. So there wasn't a lot of information out there. So anyway, this is the plastic case that comes with it. It's your maps. I think you
can see that when the card is not in, the navigation system which is not work, so you have no access to your nav data, and since this is an all-in-one component you need that SD card in there. So I think one of these is a SD card fault, you need to insert it, and then the other says it's now enabled so it can work
this is kind of an okay picture. I mean, the guy was like standing over me, like telling me all the options on the car, so I'm like sitting here drooling, well that's like trying to lean over me to like take photos. So this is just showing you what it looks like, the second generation. The wireless and internet is what I was most interested in, so you see you've got your Wi-Fi
settings, USB mobile broadband, bluetooth, and then the prioritized connection methods, so you have a lot of options here. Oh, it even has a nice little map that kind of shows you what you can do too. And then here, this is just to show
you the wireless options. You can go to Starbucks and get on their network, and I don't know, I mean, I guess this really means you could really, really do war driving cuz you're in your car. Charlie hey. I think I'm funny. So again, I haven't done a ton with the wireless, but I will tell you that most of the wireless hacks that you've seen at this conference, that you know about, that you've researched about, they're going to work here. So again, what my concern is, is a, I saw this CSI episode, which is a, the way they did it wasn't accurate, but what they said kind of was, that they had a hacker who wirelessly got into a car and he was able to make the car drive to some location that a guy ended up getting murdered at or something crazy like that. But there are ways to get in wirelessly to the car and eventually control the car, as these young gentlemen will probably be talking about later today at three, so just kind of be thinking about that. So what's
the future? So, future integration. One thing that I'm kind of interested, I'm sure is going to happen, is what I told you, what I had mentioned before: using your car itself as a virus, whether you send the virus out over a wireless, Bluetooth, or this new IntelliDrive that I'm going to show you, or various other methods. I mean, it's kind of cool but it's kind of scary too. I mean, you could set up some kind of hot spot and have someone drive by and their car just shuts down. And using the car as a communication channel: say I up 10 minutes while right, say I had something that I had to talk to Matt about and I didn't want for Zane to be able to read it, so I use my car and his car and we communicate on a protocol that Zane might not be looking for. And obviously that's not something you'd really use it for use, you broaden your mind, like think about it in, you know, covert channels, ways that you need to hide your data. So I'm going to show you this video because it's damn cool, and this is showing you the future of
this, this intelligent. Think about the possibilities and the potentials for this technology: using it as a communication device, surveillance, sending out viruses, or just saving lives, which is what it was meant to do.

Back now at seven-forty-five with remarkable new technology designed to keep you safer behind the wheel. CNBC's Phil LeBeau is at RFK Stadium in Washington, DC with an exclusive first look at something that could prevent thousands of potentially deadly collisions. Good morning to you, go. Good morning, Meredith. Imagine your car could talk to any other car, truck on the road and warn you if you were about to crash into each other. It's called IntelliDrive, and it may sound like something out of the Jetsons, but it's closer than you think to becoming reality. It happens every six seconds in the U.S.: car crashes. Head-on, side impact or rear-end collisions, more than five million in 2009, killing almost 34 thousand and injuring two million more. A group of major automakers including Ford, GM and Toyota are developing a technology called IntelliDrive that will allow cars to communicate with each other and warn drivers when they're about to crash. We feel that the intelligent program, fully implemented, can save up to eighty percent of traffic accidents for non-impaired drivers. Here's how it works: using GPS transmitters and Wi-Fi, cars constantly send out signals with their location and speed, so a driver about to be broadsided at an intersection would be warned to hit the brakes and avoid a collision. We want it to be like a vigilant copilot that they have with them all the time. We tested the technology with engineers from Ford, first at a blind intersection. Looks like it's safe for me to go, so at this point, oh, so they're a blow, not a good idea. And attempting to change lanes: with this system it warns you if you're going to lane change into another car. So here's an example right there. The system warns me that in the lane right next to me there was a car that I would have hit. With technology that helps prevent rollovers and drifting across lanes, cars are already doing some of the thinking for you, and Google is testing a car that does the driving for you. It's possible that some day cars will drive themselves like the space vehicles on the Jetsons. Until that day, IntelliDrive will make a big impact on safety. I think this has huge potential, a huge potential tool to reduce crashes on our freeways and save lives. And save lives, which is really the ultimate goal. So when might we see IntelliDrive in all new cars and trucks? Well, maybe five or six years down the road. It'll take the federal government some time to make the rules and mandate everything for the automakers, but make no mistake, Meredith, talking cars are coming and it could save thousands of lives. Yeah, I love the idea. Phil LeBeau, thank you so much. All right, thank you, Meredith.

So you can see
where that's going, and I hope that your gears are turning. Um, we're probably going to be presenting this at the DoD cybercrime conference. Maybe I might submit for ShmooCon, I don't know, but I think at those conferences we'll be able to release the tool that we were talking about, the through the update file that will actually enable you to get the bluetooth back, and hopefully demo it. If there's enough room to bring one of the cars in, I might try to do that too. So does anyone have any questions for scars too ya see this listen. Will you say that louder? Oh, he wanted to know if you could go get one of the pineapples and use it against cars. The answer is yes. And any other questions? Um, it's that, they're, the operating system is on top of the chip, so there's firmware that's the chip manufacturer that's going to be in there, but then there's also the Microsoft that does have the firmware on there. Yes. A senior those it not only exact way, but yes, every car is affected. Every car that has these systems is affected. Hey, before you guys leave, wait, stop. Which one of you guys was the one who picked out that that was an Enterprise car and gets to have Zach buy you a drink? Who was that? It was you? Oh, come on up to the front then. My time three minutes are in. Any other questions? All right, thank you.