Security Vulnerabilities that Cross the Physical Divide to Compromise Cars, Pacemakers, Mobile Phones, and ATMs
With Blackhat USA behind us and Defcon in its full throes, there seems to be a trend away from purely digital hacks and toward physical devices. These include cars and implantable medical devices. To be fair, physical world security has been trending for a few years, including demonstrations of how to hack an ATM and smart meters.
I’ve been interested in the intersection of digital and physical security for over a decade and hacked into my BMW in 2008, partly to troubleshoot a problem with my navigation system, but also just to scope out the landscape. I had to build a serial (RS 232) adapter with a breadboard and solid state components to jack my laptop into the wiring harness, and my soldering iron skills leave one with the impression of kindergarten artwork, but it worked. And yet my project was completely occluded by much of the research you can find with a simple Google search.
In that spirit, I’ve assembled nineteen links to research that cross the divide from some guy at the keyboard of his Linux PC in his parent’s basement, dressed in only flip-flops and pajama bottoms, and rebuilding his Linux pentesting platform for the hundredth time this month, to those pioneers with the smarts to break out oscilloscopes and the dexterity to disassemble the dashboard of a Prius. Please to enjoy this smorgasbord of articles, research papers, and videos:
Automobile Hacking / Vulnerabilities
The following is not technically automobile hacking—nor marine craft hacking—but it vaguely fits into the category of how to compromise a technology, navigation, that transportation systems of all types have come to rely on.
Medical Device Hacking / Vulnerabilities
As a side note, Barnaby Jack, security researcher for IOActive, was a star in hacking physical devices, including medical implants and ATMs. His recent death at the age of 35 is sad and a great loss for the security community.
Misc Device Hacking / Vulnerabilities
Microchip Hacking / Vulnerabilities / Backdoors
And Old School Lock Picking + A Vulnerability in Card Key Hotel-Style Locks
This is just a sampler buffet of physical security goodness. Please share your links in the comments below and I’ll assemble a web page with as complete a set of listings as I can.