IoT Security, Hands-on hack training
1 day
Request more information
Lena Bernhardsson – Sweden
+46 (0) 40 59 22 09
lena.bernhardsson@nohau.se
In cooperation with Assured AB, we offer this IoT Security workshop, aimed at anyone interested in the security, of for an example connected vehicles, but will aslo apply for other areas. The course combines theoretical lectures with hands-on challenges against a physical, simulated car.
You will, for an example, learn how a modern vehicle communicates internally (between components) as well as externally with the driver, passengers and remote services and how to exploit vulnerable or weak implementations of security concepts.
This is a one-day workshop with theoretical and practical parts in an interactive fashion.
You will be given a virtual machine with all the necessary tools and configuration needed to connect to the challenge platform, named “CyCar”. This device tries to simulate a vehicle infotainment and telematics system, often available in modern vehicles.
Target audience
This course mainly target you as a developer or architect working with automotive solutions, but also fits you with an interest in automotive security, hacking and embedded system security.
Attendee prerequisites
- You are required to possess a basic good understanding of networking and basic Linux commands.
- A basic understanding of binary and hexadecimal notation is recommended.
- A basic understanding of cryptography is helpful but not mandatory.
- A basic understanding of embedded systems is helpful but not mandatory.
The CyCar challenge platform
Our challenge platform “CyCar” consists of readily available components that are assembled into a small but realistic vehicle infotainment and telematics unit. An ECU controls vehicle characteristics such as speedometer, blinkers, locks and engine state. It is connected via the CAN bus to a single-board computer that runs a Linux OS with connectivity such as Bluetooth and WiFi as well as higher-level applications and services.
The CyCar platform hardware setup is open source for anyone interested in building their own. The firmware and software required for this course is restricted to purchasers of the course.
Course syllabus
Gear N (1h)
- Introduction
- Handouts
- Lab setup
Gear 1 (1h)
- Theory module 1
- Security concepts
- CAN and serial bus communication
- ECUs and the BusGoat
- Embedded security
- Cryptography
- Understanding and constructing CAN frames
- Pop-quiz and a short break
Gear 2 (1h)
- Theory module 2
- Connectivity and the OBD-II interface
- Bluetooth
- WiFi
- GSM, 4G
- Telematics
- Connecting to the CyCar
- Pop-quiz and a short break
Gear 3 (1h)
- Theory module 3
- API and application security
- Tools and commands
- Attack vectors
- Lab overview
- Trying the different tools
- Break for lunch
Gear 4 (2,5h)
- CTF-style hands-on lab
- Instructor-assisted challenges
Gear 5 (1h)
- Racing the CyCars
- Show and tell
- Price ceremony
Gear R (0,5h)
- Recap
- Evaluation