The Security Ledger Podcasts

Episode 108: DEF CON’s Car Hacking Village and is the Open Source Model Failing on Security



In this week’s podcast (#108), sponsored by CA Veracode: hacker summer camp wrapped up on Sunday, as the 26th annual DEF CON conference concluded at Caesar’s Palace in Las Vegas. Hacks of connected and smart vehicles were a big theme again this year. We sat down with the organizers of DEF CON’s Car Hacking Village to see what was news at this year’s show. Also: open source software has revolutionized the way software gets made, and turbocharged the growth of companies like Facebook and Uber. But is the open source model failing us when it comes to security? We’re joined by OWASP founder Mark Curphey of CA Veracode to discuss it.

Elon who? A visit to DEF CON’s Car Hacking Village
Hacker summer camp wrapped up on Sunday, as the 26th annual DEF CON conference concluded at Caesar’s Palace in Las Vegas, ending a week of security conferences including the annual Black Hat Briefings and B-Sides Las Vegas. Some of the headlines out of the shows were predictable: DEF CON’s voting village yielded all-too-predictable stories about outdated electronic voting equipment making an easy target for hackers – this year it was an 11-year-old girl.
While we always love to see middle schoolers and teens strutting their stuff at DEF CON, we’ve also weighed in on why hacks of aging e-voting systems might not be the best use of the security industry’s time and energies.
What was of interest at this year’s show were hacks of connected vehicles – including a talk and paper (PDF) by Jeep Cherokee hackers Chris Valasek and Charlie Miller, a presentation of a remote hack of a Tesla vehicle by researchers at China’s Keen Security (a division of Tencent) as well as — wait for it — a surprise appearance by Tesla Chief Elon Musk, who left with a promise to release Tesla’s security software as open source, clearing the way for it to be used across the industry.
That’s a great gesture and speaks to Musk’s history and roots as a creator of Internet-powered startups like PayPal. But, as we know, the automobile industry is older and wholly different from Silicon Valley, and there’s no indication that the future of connected cars will look anything like that of connected phones, connected homes or anything else.
To get a sense of where things might be heading, Security Ledger stopped by the Car Hacking Village at DEF CON last week to speak to the folks from Grimm, a top vehicle security consultancy that organizes the Car Hacking Village. In our first segment of this week’s podcast, I speak with Bryson Bort, Grimm’s Chairman and Founder, and researchers Tomas Tillery and Aaron Cornelius about the differences and similarities between hacking vehicles and other kinds of connected endpoints, and about what the near future and the advent of self-driving and autonomous vehicles may hold.
We start off by talking about the Car Hacking Village, which this year added a “kidnap challenge,” in which DEF CON attendees were grabbed (with their consent, of course), blindfolded, thrown in the back of a Jeep Cherokee and given a laptop and a connection to the vehicle’s network. Their challenge: manipulate the car to spring the trunk or door locks and free themselves.
With Many Eyes, Open Source Risk is Deep
By The Security Ledger
