infotainment & telematics systems - federal business … · · 2015-11-06• auto cyber...
Post on 19-May-2018
217 Views
Preview:
TRANSCRIPT
© Copyright 2015 by Berla. All Rights Reserved.
VEHICLE FORENSICSInfotainment & Telematics Systems
Berla Corporation 2015
© Copyright 2015 by Berla. All Rights Reserved.
WELCOME• Company Overview
• Infotainment & Telematics Systems
• Overview of Potentially Acquirable Data
• iVe Software/Hardware
© Copyright 2015 by Berla. All Rights Reserved.
ABOUT ME• Lifelong car enthusiast
• Degree in Journalism
• Degree in Digital Forensics
• In field for about 4 years
© Copyright 2015 by Berla. All Rights Reserved.
ABOUT BERLA• Located in the Washington DC area
• Serving the global digital forensics/accident recon/insurance fraud communities
• Develop commercial products and provide training
• Conduct automotive cyber security research
• Provide research and development services for US Government
© Copyright 2015 by Berla. All Rights Reserved.
BERLA’S HISTORY
© Copyright 2015 by Berla. All Rights Reserved.
FACILITY• 14,000 sq ft building
• General/Admin offices
• Training room
• Development space
• Manufacturing area
• Hardware research lab
© Copyright 2015 by Berla. All Rights Reserved.
WHY?• Almost every crime involves a vehicle
• Department of Justice statistics from 2013 reveal:
© Copyright 2015 by Berla. All Rights Reserved.
WHY?• Almost every crime involves a digital element
• Integration of user’s devices into connected vehicle systems
• Analyzing user data is essential
© Copyright 2015 by Berla. All Rights Reserved.
REACTIVE & PROACTIVE APPROACHES• Forensics – Reactive
• Forensically extract and examine relevant data stored within vehicle infotainment and telematics systems
• Focus on user data and vehicle events
• User data from connected devices
• User data from navigation input
• Vehicle events logged from telematics system
• Auto Cyber Security – Proactive
• Conduct vulnerability assessments on vehicles from a wired and wireless perspective
• Focus on Attack Vectors related to the infotainment and telematics systems
• Firmware Updates• WiFi• GSM• Bluetooth
© Copyright 2015 by Berla. All Rights Reserved.
WHY AUTO CYBER SECURITY?• OEM’s (Original Equipment manufacturers) didn’t focus on creating
a secure product because they didn’t see the need
• Infotainment systems are the #1 complaint of consumers – a working product took priority over a secure one
• Charlie Miller & Chris Valasek slapped the world with a wake-up call
• Both OEM’s and consumers need to be aware of possible threats and react accordingly
© Copyright 2015 by Berla. All Rights Reserved.
TRAININGVehicle Forensics & iVe Certification (4 days)
AutomotiveCyber Security(5 days)
© Copyright 2015 by Berla. All Rights Reserved.
• GPS Forensics• Acquisition
• Analysis
• Reporting
• Supports 3000+ GPS Devices• Aviation
• Automotive
• Maritime
• Handheld Devices
PRODUCTS - BLACKTHORN
© Copyright 2015 by Berla. All Rights Reserved.
• Vehicle Forensics• Infotainment & Telematics Systems• Logical and Physical Acquisitions• Non-Destructive Methods• 4,300+ Vehicle Models
• BMW, Buick, Cadillac, Chevrolet, Chrysler, Dodge, Fiat, Ford, GMC Hummer, Jeep, Lincoln, Maserati, Mercury, Pontiac, Ram, SRT, Saturn, Seat, Skoda, Toyota and VW.
PRODUCTS - IVE
© Copyright 2015 by Berla. All Rights Reserved.
INFOTAINMENT & TELEMATICS
© Copyright 2015 by Berla. All Rights Reserved.
INFOTAINMENT• Information + entertainment
• Connects the occupants to their digital world.
• Provides information on vehicle performance, scheduled maintenance, and current status.
• Generally interacts directly with occupants and is main focal point.
© Copyright 2015 by Berla. All Rights Reserved.
TELEMATICS• “Connected Cars” are Wireless
Network Enabled Vehicles
• The integration of telecommunications and information
• Usually Vehicle to Infrastructure (V2I) or Vehicle to Vehicle (V2V)
• Facilitates requests to/from infotainment system
© Copyright 2015 by Berla. All Rights Reserved.
VIDEO – INFOTAINMENT & TELEMATICS• Video by CNET
• Does a good job of illustrating what concepts we just discussed
• Note – this video is a bit older. Notice what features were planned at the time of this video and which of those features have been successfully implemented
© Copyright 2015 by Berla. All Rights Reserved.
INFOTAINMENT & TELEMATICS… TODAY…
© Copyright 2015 by Berla. All Rights Reserved.
OFFENSIVE PERSPECTIVE
© Copyright 2015 by Berla. All Rights Reserved.
CONNECTED CAR MARKET
© Copyright 2015 by Berla. All Rights Reserved.
MARKET BY MANUFACTURER: 2008-2015
0
400
800
1200
1600
Infotainment Navigation Telematics
© Copyright 2015 by Berla. All Rights Reserved.
CONNECTED CAR MARKET
© Copyright 2015 by Berla. All Rights Reserved.
MANUFACTURER ROLL UP• The major manufacturers or OEMs make technology decisions for
their subsidiaries. e.g. GM dictates what infotainment and telematics systems are used in Chevrolet, Cadillac, Buick, GMC, Hummer, and Holden.
• These systems will have similar underlying technology but are have slight enough differences to make them unique. have slightly varying names. For example, Chevrolet, GMC, and Holden use MyLink while Buick uses IntelliLink and Cadillac uses CUE.
© Copyright 2015 by Berla. All Rights Reserved.
BEYOND 2015• Connected Cars bring together technology from smart phones,
social media, web browsers, “Cloud” storage, email, chat, and p2p sharing (just to name a few). Essentially a computer on wheels
• All into a single integrated-connected-highly-mobile environment
© Copyright 2015 by Berla. All Rights Reserved.
USER DATA
© Copyright 2015 by Berla. All Rights Reserved.
COMMUNICATIONS• Average vehicle has close to 70
Electronic Control Units (ECUs).
• They communication over several closed networks mainly called the CANBus.
• Three primary CANBus networks• High Speed• Mid Speed• Infotainment
© Copyright 2015 by Berla. All Rights Reserved.
GENERAL INFO & APP DATAVehicle
• Serial Number• Part Number• Original VIN Number• Build Number
Installed Applications• Weather• Traffic• Facebook• Twitter
Media Files• Audio• Video• Images
© Copyright 2015 by Berla. All Rights Reserved.
DEVICE DATAConnections
• Bluetooth• Wireless
Devices• Phones
• Calls• Contacts• SMS
• Audio• Video• Images
Media PlayersUSB DrivesSD Cards
© Copyright 2015 by Berla. All Rights Reserved.
BLUETOOTH CONNECTIONSConnections
• Bluetooth• Wireless
Devices• Phones
• Calls• Contacts• SMS
• Audio• Video• Images
Media PlayersUSB DrivesSD Cards
© Copyright 2015 by Berla. All Rights Reserved.
WIRELESS CONNECTIONSConnections
• Bluetooth• Wireless
Devices• Phones
• Calls• Contacts• SMS
• Audio• Video• Images
Media PlayersUSB DrivesSD Cards
© Copyright 2015 by Berla. All Rights Reserved.
DEVICE CALL LOGSConnections
• Bluetooth• Wireless
Devices• Phones
• Calls• Contacts• SMS
• Audio• Video• Images
Media PlayersUSB DrivesSD Cards
© Copyright 2015 by Berla. All Rights Reserved.
DEVICE CONTACTSConnections
• Bluetooth• Wireless
Devices• Phones
• Calls• Contacts• SMS
• Audio• Video• Images
Media PlayersUSB DrivesSD Cards
© Copyright 2015 by Berla. All Rights Reserved.
DEVICE SMSConnections
• Bluetooth• Wireless
Devices• Phones
• Calls• Contacts• SMS
• Audio• Video• Images
Media PlayersUSB DrivesSD Cards
© Copyright 2015 by Berla. All Rights Reserved.
EVENTSNavigation Data
• Trackpoints• Locations
• Saved• Previous
• Routes• Active• Inactive
Events• Doors Opening/Closing• Lights On/Off• Bluetooth Devices• USB devices attached• GPS Time updated
© Copyright 2015 by Berla. All Rights Reserved.
EVENTS - DOORSNavigation Data
• Trackpoints• Locations
• Saved• Previous
• Routes• Active• Inactive
Events• Doors Opening/Closing• Lights On/Off• Bluetooth Devices• USB devices attached• GPS Time updated
© Copyright 2015 by Berla. All Rights Reserved.
EVENTS – GEAR SHIFTSNavigation Data
• Trackpoints• Locations
• Saved• Previous
• Routes• Active• Inactive
Events• Doors Opening/Closing• Lights On/Off• Bluetooth Devices• USB devices attached• GPS Time updated
© Copyright 2015 by Berla. All Rights Reserved.
EVENTS - BLUETOOTHNavigation Data
• Trackpoints• Locations
• Saved• Previous
• Routes• Active• Inactive
Events• Doors Opening/Closing• Lights On/Off• Bluetooth Devices• USB devices attached• GPS Time updated
© Copyright 2015 by Berla. All Rights Reserved.
EVENTS - USB DEVICESNavigation Data
• Trackpoints• Locations
• Saved• Previous
• Routes• Active• Inactive
Events• Doors Opening/Closing• Lights On/Off• Bluetooth Devices• USB devices attached• GPS Time updated
© Copyright 2015 by Berla. All Rights Reserved.
EVENTS - WIFI CONNECTIONSNavigation Data
• Trackpoints• Locations
• Saved• Previous
• Routes• Active• Inactive
Events• Doors Opening/Closing• Lights On/Off• Bluetooth Devices• USB devices attached• GPS Time updated
© Copyright 2015 by Berla. All Rights Reserved.
ACCIDENT RECONSTRUCTION• iVe compliments CDR tool
• Before, during, after• Did the driver send a text just before the
crash?
• Seconds vs. days/months
• Different set of data
• Provides a more complete picture of the incident
© Copyright 2015 by Berla. All Rights Reserved.
iVe OVERVIEW
© Copyright 2015 by Berla. All Rights Reserved.
IVE• Toolkit for digital forensics/media
exploitation consisting of hardware and software
• Extracts data from vehicle Infotainment & Telematics systems
• Logical and Physical Acquisitions
• Non-Destructive Methods
© Copyright 2015 by Berla. All Rights Reserved.
WELCOME SCREEN
© Copyright 2015 by Berla. All Rights Reserved.
VEHICLE LOOKUP
© Copyright 2015 by Berla. All Rights Reserved.
ACQUISITION – SELECT VEHICLE
© Copyright 2015 by Berla. All Rights Reserved.
ACQUISITION – SELECT TYPE
© Copyright 2015 by Berla. All Rights Reserved.
ACQUISITION – TEST CONNECTIONS
© Copyright 2015 by Berla. All Rights Reserved.
ACQUISITION – CASE INFO
© Copyright 2015 by Berla. All Rights Reserved.
ACQUISITION – PROGRESS MONITOR
© Copyright 2015 by Berla. All Rights Reserved.
ACQUISITION - RESULTS
© Copyright 2015 by Berla. All Rights Reserved.
MAIN WINDOW
© Copyright 2015 by Berla. All Rights Reserved.
MAIN WINDOW - WORKFLOW
Tree Grid
Viewer
© Copyright 2015 by Berla. All Rights Reserved.
VIEWING DATA - SYSTEMS
© Copyright 2015 by Berla. All Rights Reserved.
VIEWING DATA - CONTENT
© Copyright 2015 by Berla. All Rights Reserved.
VEHICLE LOOKUP - WEBSITEIntroduction
© Copyright 2015 by Berla. All Rights Reserved.
SEARCH BY SPECS• Year
• Make
• Model
• Trim
• North American Vehicles 1981-2016
© Copyright 2015 by Berla. All Rights Reserved.
SEARCH BY SPECS• Will display specifications of the
vehicle
• Green check = Supported
• Other details of vehicle can be useful during investigation
© Copyright 2015 by Berla. All Rights Reserved.
SEARCH BY VIN• VIN will bring up features of that
exact vehicle
© Copyright 2015 by Berla. All Rights Reserved.
SEARCH BY VIN• Notice no green check in the
upper right corner
• Information is in database even though Audi is not yet supported
• Created as general reference
© Copyright 2015 by Berla. All Rights Reserved.
SO WHAT?
© Copyright 2015 by Berla. All Rights Reserved.
BENEFITS TO YOU• How would having vehicle forensics capabilities benefit your
organization now and in the future?
• Get ahead of the curve and establish your examiners as experts
• Discover digital evidence not available anywhere else that could make or break your cases (vehicle events, for example)
• Have an alternative method to get phone information should a suspect phone be locked or destroyed
• Be able to add user data to crash data in order to create a more accurate, robust timeline
© Copyright 2015 by Berla. All Rights Reserved.
BENEFITS ACROSS FIELDS• Digital Forensics
• Accident Reconstruction
• Insurance Fraud Investigation
© Copyright 2015 by Berla. All Rights Reserved.
UPCOMING EVENTS• F3 Conference, UK: Nov 3-5
• iVe Essentials, Austin: Nov 17-18
• CNOA Conference, San Fran: Nov 21-24
© Copyright 2015 by Berla. All Rights Reserved.
QUESTIONS Carly McGee(443) 333-9301
cmcgee@berla.co
https://www.linkedin.com/company/berla-
corporation
@berlacorp
top related