Attacks targeting connected cars have already been presented in several conferences, as well as different tools to spy on CAN buses. However, there have been only a few attempts to create “something similar” to a useful backdoor for the CAN bus. Moreover, some of those proofs of concept were built upon Bluetooth technology, limiting the attack range and therefore tampering its effects.
Now we are happy to say, “those things are old”!
We have successfully developed a hardware backdoor for the CAN bus, called “The Bicho”. Due to its powerful capabilities we can consider it as a very smart backdoor. Have you ever imagined the possibility of your car being automatically attacked based on its GPS coordinates, its current speed or any other set of parameters? Even more, have you ever imagined the possibility that your car suddenly stopped working, when you least expected it, due to a remote attack? Now all of this is possible.
The Bicho supports multiple attack payloads and it can be used against any vehicle that supports CAN, without limitations regarding manufacturer or model. Each one of the payloads is related to a command that can be delivered via SMS, this way it allows remote execution from any geographical location. Our hardware backdoor has an intuitive graphical interface, called “Car Backdoor Maker”, which is open-sourced and allows payload customization.
The attack payload can be configured to be automatically executed once the target vehicle is proximate to a given GPS location. The execution can also be triggered by detecting the transmission of a particular CAN frame, which can be associated with any given factor, such as: the speed of the vehicle, its fuel level, and some other factors. In our HITB talk, we’ll be presenting a new feature, that allows us to remotely kill the car’s ECU and consequently causing the car to stop working suddenly.
Do you want to get yourself The Bicho? Ping us at HITB! We will have some Bichos with us for you 😉