Machines | [DEFCON 21] How to Hack Your Mini Cooper: Reverse Engineering Controller Area Network (CAN) Messages

How to Hack Your Mini Cooper: Reverse Engineering Controller Area Network (CAN) Messages on Passenger Automobiles Speaker: Jason Staggs - Grad Student and Research Assistant, University of Tulsa This presentation introduces the underlying protocols on automobile communication system networks of passenger vehicles and evaluates their security. Although reliable for communication, vehicle protocols lack inherit security measures. This work focuses strongly on controller area networks (CANs) and the lack of authentication and validation of CAN messages. Current data security methods for CAN networks rely on the use of proprietary CAN message IDs along with physical boundaries between the CAN bus and the outside world. As we all know, security through obscurity is not true security. These message IDs can be reverse engineered and spoofed to yield a variety of results. This talk discusses methods for reverse engineering proprietary CAN messages. These reverse engineered messages are then injected onto the CAN bus of a 2003 Mini Cooper with the help of cheap Arduino hardware hacking. Additionally, a proof of concept will be demonstrated on how to build your own rogue CAN node to take over a CAN network and potentially manipulate critical components of a vehicle. The proof of concept demonstrates taking full control of the instrument cluster using the reverse engineering methods presented.