Malicious tampering of environmental protection systems turns very clean vehicles into heavy polluters. In the European project DIAS, countermeasures are developed to harden vehicles against mailicious tampering and this needs to be thoroughly tested. That is why they invite creative, ingenious and skilled people to hunt for bugs. A hacking event is organized where participants will put the new and improved security features to the test!
Event description
In the first Hack-a-truck event held in May 2021, the onboard countermeasures for tampering detection and prevention of the vehicle were tested. New features for tampering prevention and detection have been added since May 2021. Hack-a-Truck part 2 revolves around a new system that reports information about a possible tampering suspicion wirelessly to a cloud or a supervising entity, to enable fast and easy detection and reporting of tampering of connected vehicles.
The goal is to find possible vulnerabilities which allow tampering while remaining undetected
Hack-a-Truck part (H#2) is an automotive hacking event that lasts two days. Experts from the field, such as Bosch, FEV and UMFST, will inform you about the latest environmental protection systems and the newly developed state-of-the-art countermeasures. During the physical event held in the Netherlands, you will work on one of the two variants of the testbeds, one on the in-vehicle communication of control units and one on the wireless communication between the in-vehicle control units and the cloud, as well as participate in a central session discussing the tampering reporting system as a whole. You will be assigned to find vulnerabilities in a group setting and there will be time during the event to ask questions and have discussions with experts from the DIAS project consortium. They expect a presentation from the participants where the hacking approach is explained - this gives each participant the opportunity to challenge their own approach and get new insights.
The challenge
Both testbeds are Raspberry Pi based setups, with added encryption
These testbeds involve:
1. (man-in-the-middle attacks on) CAN-bus and Autosar SecOC
2. HTTP and SSI
If you can hack one (or both) of these challenges and if you have excellent English communication skills, then please do apply!
If you choose to accept this challenge, we offer you:
- A two-day physical hacking event in the Netherlands. Your costs for travel and stay will be compensated, including a fixed daily wage.
- Training sessions on the latest environmental protection systems and the newly developed state-of-the-art countermeasures.
- During the two days you will work together in small groups with other participants on finding vulnerabilities in the system.
- Access to a pool of experts from amongst others Bosch, FEV and UMFST during the event.
- A certficate of joing the DIAS Hack-a-Truck part 2 hacking event.
Application
Hack-a-Truck part 2 is planned for week 13 (28th March until 1st of April). Final dates will be announced soon.
To apply for this event, please send your motivation letter and CV to projectoffice@tno.nl before February 28th, 2022.
The selection procedure will be finished before the end of week 9 (6th of March).
If you are selected, you will be asked to sign an NDA.
For additional information send an e-mail to info@dias-project.com
During the first DIAS hackaton, participants came up with creative technical ideas to find attack vectors which can be exploited to make tampering business out of them.