Amsterdam – 16 March 2018: A smart connected car is not much more than a computer on wheels, with systems that control one or more areas of the automobile called electronic control units (ECUs). ECUs communicate in real-time over a system called a controller area network or CAN. At the Hack In The Box Conference in Amsterdam next month, ElevenPaths Claudio Caracciolo and Sheila Ayelan Berta will be presenting a new feature of their hardware device ‘The Bicho’ which exploits the CAN bus allowing for remote take over of the target vehicle. The presenters call their device a very smart backdoor as it can be used to remotely attack any vehicle that supports CAN, without limitations regarding manufacturer or model. Their device supports multiple attack payloads and has an intuitive graphical interface for payload customization. During their presentation, entitled “In Through The Out Door: Backdooring & Remotely Controlling Cars With The Bicho”, Claudio and Sheila will present this new feature that allows them to remotely cause a car to stop working.
Their hardware device will also be available for purchase at the conference and an excerpt of their presentation can be found at
Alongside this talk, Stephen Hilt a Sr. Threat Researcher at Trend Micro will present his research on vulnerabilities on two popular brands of wireless speaker systems, providing further insight into the default configuration flaws of the devices that can lead to security vulnerabilities resulting in device take over. In addition, several IoT security flaws will also be presented by Kelvin Wong, an independent researcher based in Hong Kong, who will demonstrate new attacks against Linksys and Dlink routers to obtain privileges and gain access control. Stephen’s and Kelvin’s presentation summary can be found here https://conference.hitb.org/hitbsecconf2018ams/commsec-track/