Key fob rollback attacks, backdoored infotainment firmware, and CAN message injection were on display at the Car Hacking Village (CHV) during ROOTCON 17 this past week.
ROOTCON had a record 700+ attendees this year - people came from all over Asia and the world to attend the 17th ROOTCON in Tagaytay City. Founded by Dax Labrador (semprix) in 2008, ROOTCON is the largest hacker conference in the Philippines. (https://www.rootcon.org/) 2 full days of talks were concluded by an after party and Hacker Jeopardy - the Filipinos know how to throw a good party!
The two goons responsible for Car Hacking Village are Jay Turla (shipcod3) and Jami Agnis (Eman0n). This year's highlight was bringing a Mazda 2 from Cebu to show at CHV and also a visit from the Div0 Car Security Quarter coming all the way from Singapore.
Over the 2 day event, I got to meet several security professionals, hackers, and saw many students that are interested in cybersecurity for their careers. The Philippines is a great center for cybersecurity professionals - many companies have offices in Manila and the surrounding area working in offensive and defensive security.
Key Fob Rollback Attack - Jay Turla (shipcod3)
Jay Turla (shipcod3) is the CHV Philippines founder and an organizer for ROOTCON. He gave a talk on the main stage on Day 1 of the conference called "Car Hacking Scene in the PH: How Far We've Come" and hosted several demos during the conference in the CHV. (Note the lucky golden pig on the Mazda 2 in the video below)
CAN Message Injection - Alina and Pei Si from Car Security Quarter (Div0 Group from Singapore)
The Div0 Car Security Quarter (https://www.div0.sg/q-car-security) brought their vehicle test benches and gave a talk at the CHV on their process of putting the benches together. They demoed and taught many attendees about their vehicle test benches and CAN message injection - check out the video below. Thank you to Alina, Pei Si, and Liang Cherng - you are a great group and I look forward to what you are doing with your new company HE&T Security Labs (https://www.heatsecuritylabs.com/). (Also I enjoyed the Mooncake to celebrate the Moon Festival during Hacker Jeopardy - they were delicious)
Kamel Ghali - "Hacking Back Your Car"
Kamel Ghali came from Tokyo, Japan to give a very interesting talk about car hacking and all sorts of attacks on vehicles. I have known Kamel from the industry and ASRG but never had got to meet him in person. Kamel also gave demos in the Car Hacking Village during ROOTCON.
ありがとう Kamel.
My CHV Village Talk
I enjoyed giving my CHV Village talk and the Village room was full of people interested in automotive security. Thank you to Jay Turla, Jami Agnis, and Dax Labrador for your hospitality and kindness during my trip. I loved my first ROOTCON and my first trip to the Philippines. I hope to be back for another with the CHV.
If you enjoyed this article, please follow Rustic Security on LinkedIn for more content like this: https://www.linkedin.com/company/rustic-security-llc
ความคิดเห็น