Security

Unlocking the Road Ahead: Automotive Digital Forensics

A deep dive into an underrepresented research area
Saal Granville
Kevin Gomez
The importance and relevance of vehicles in investigations are increasing. Their digital capabilities are rapidly growing due to the introduction of additional services and features in vehicles and their ecosystem. In this talk on automotive digital forensics, you will embark on a journey through the cutting-edge world of automotive technology and the critical role digital forensics plays in this domain. We will explore the state-of-the-art methods and tools to investigate modern vehicles, shedding light on forensic experts' significant challenges. This presentation delves into the latest research areas and trends, providing insights into how technology rapidly evolves in the automotive industry, creating opportunities and challenges for digital forensics specialists. We will also peer into the future, discussing the directions in which automotive digital forensics is heading and the implications for our increasingly connected and autonomous vehicle landscape. Through case studies, you will gain a firsthand look at different investigations conducted on modern vehicles, showcasing the real-world applications of digital forensics in this field--explicitly focusing on privacy issues and security pitfalls in modern vehicles. Whether you're a seasoned expert or a curious enthusiast, this talk will give you a deeper understanding of the complex intersection of automotive technology and digital investigations.
This talk will be a deep dive into automotive digital forensics! We will explore the dynamic landscape of automotive technology and its intricate relationship with digital forensics. Our journey will traverse classical in-vehicle protocols, proprietary communication methods, and external interfaces, revealing these technologies' crucial role in modern vehicles. The current toolkit, used in automotive digital forensics investigations, includes the Berla iVe for infotainment analyses and specialized Airbag controller tools like Bosch CDR. For both, there is a limited understanding of its functionality and reliability, and for Airbag controllers, even contrary research results are available. We'll discover how these tools empower forensic experts to dissect the digital traces left within vehicles and the ecosystem, uncovering invaluable insights. As we embark on this journey, we'll confront significant challenges faced by automotive digital forensics practitioners. These obstacles include limited accessibility to vehicle systems, the integration of proprietary technologies, a shortage of knowledge and expertise in this domain, concerns over safety implications, and the absence of standardized storage systems. Keeping pace with the latest research trends, we'll delve into process development, the introduction of additional tools, in-depth analytical methods, and innovative investigation techniques shaping this field's future. But the road ahead is not without twists and turns, and we'll navigate through privacy and security issues that are paramount in the automotive digital forensics landscape. We'll shed light on privacy concerns, referencing investigations like the one conducted by the Mozilla Foundation and explore security topics through real-world examples such as attacks showcased at the Pwn2Own conference and those disclosed by KeenLabs Security. We will also focus on investigations we conducted on Tesla vehicles in the area of digital forensics. Throughout this talk, you'll gain insights into the automotive ecosystem's vast capabilities for digital forensics investigations. We'll also tackle the challenges head-on, highlighting the intricate balance between privacy and security in this ever-evolving domain. Whether you're an expert in the field or intrigued by the intersection of technology and automotive investigations, this talk promises to leave you with a profound understanding of the road ahead in automotive digital forensics.

Additional information

Live Stream https://streaming.media.ccc.de/37c3/granville
Type lecture
Language English

More sessions

12/27/23
Security
stacksmashing
Saal 1
Hardware hacking tooling for the new iPhone generation If you've followed the iPhone hacking scene you probably heard about cables such as the Kanzi Cable, Kong Cable, Bonobo Cable, and so on: Special cables that allow access to hardware debugging features on Lightning-based iPhones such as UART and JTAG. However with the iPhone 15, all of those tools became basically useless: USB-C is here, and with that we need new hardware and software tooling. This talk gives you a brief history of iPhone ...
12/27/23
Security
Saal Granville
Tesla's driving assistant has been subject to public scrutiny for good and bad: As accidents with its "full self-driving" (FSD) technology keep making headlines, the code and data behind the onboard Autopilot system are well-protected by the car manufacturer. In this talk, we demonstrate our voltage-glitching attack on Tesla Autopilot, enabling us root privileges on the system.
12/27/23
Security
Saal 1
Imagine discovering a zero-click attack targeting Apple mobile devices of your colleagues and managing to capture all the stages of the attack. That’s exactly what happened to us! This led to the fixing of four zero-day vulnerabilities and discovering of a previously unknown and highly sophisticated spyware that had been around for years without anyone noticing. We call it Operation Triangulation. We've been teasing this story for almost six months, while thoroughly analyzing every stage of ...
12/27/23
Security
Saal Zuse
Elektronische Arbeitsunfähigkeitsbescheinigungen (eAU), Arztbriefe, medizinische Diagnosen, all diese sensiblen Daten werden heute mittels KIM – Kommunikation im Gesundheitswesen – über die Telematikinfrastruktur (TI) verschickt. Aber ist der Dienst wirklich sicher? Wer kann die Nachrichten lesen, wo werden die E-Mails entschlüsselt und wie sicher ist die KIM-Software? Im Live-Setup einer Zahnarztpraxis haben wir Antworten auf diese Fragen gesucht.
12/27/23
Security
Saal 1
This talk will present details of the TETRA:BURST vulnerablities - the result of the first public in-depth security analysis of TETRA (Terrestrial Trunked Radio): a European standard for trunked radio globally used by government agencies, police, military, and critical infrastructure relying on secret cryptographic algorithms which we reverse-engineered and published in August 2023. Adding to our initial disclosure, this talk will present new details on our deanonymization attack and provide ...
12/27/23
Security
muelli
Saal Granville
We present an analysis and recovery method for files encrypted by Black Basta, the "second most used ransomware in Germany". We analysed the behaviour of a ransomware encryptor and found that the malware uses their keystream wrongly, rendering the encryption vulnerable to a known-plaintext attack which allows for recovering affected files. We confirmed the finding by implementing tools for recovering encrypted files. We have made our tools for decrypting files without access to the actual key ...
12/27/23
Security
Saal Granville
Apple's cutting-edge emergency SOS and location sharing services provide crucial communication alternatives when no cellular network is available. This talk will shed light on how these satellite services work, how they are integrated into existing fall and crash detection, present the security measures employed to safeguard resource access and privacy, and explore how this communication is embedded within the operating system.