We understand that hackers look for weaknesses in networks to manipulate or take data, but understanding the ways that vehicles can also be accessed either remotely or physically can be a bit surprising.

Today’s guest is Derrick Thiecke. Derrick works as an Embedded Systems Security Tester in the automotive industry where he found himself after spending over a decade in the corporate IT world. When Derrick isn’t data dumping ROM chips, scouring through vehicle log data, or fuzzing CAN networks, he can be found as a brief blur passing by you on the highway.

Show Notes:

• [0:58] - Derrick shares his background and current role as a security tester for automotive controllers and devices.
• [3:30] - There are differences between vehicle networks and home networks. The main network for vehicles is CAN bus.
• [5:12] - Because it is a bussed network, Derrick explains how all devices on the network can access all the data.
• [6:50] - Previously, you had to have physical access to hack a car, but not anymore.
• [8:19] - Derrick describes how his own vehicle accesses data on a network.
• [9:56] - The implementation of standards has changed the way vehicles are serviced.
• [11:18] - Safety critical features are isolated, but some things can still be accessed that can be harmful.
• [12:29] - There was an event in 2015 where a parking feature was hacked while the vehicle was in motion.
• [13:59] - There are ways to communicate with and change the fuel mapping over CAN bus, but there is usually a physical component required.
• [16:07] - Derrick describes a scenario that creates a potential threat.
• [19:04] - The automotive industry typically sits about a decade behind in technology.
• [21:24] - Derrick lists some of the features in a vehicle that are connected to a network.
• [23:18] - The number of vehicle recalls due to software issues has increased since 2015, but the issues aren’t growing.
• [25:01] - Movies depict vehicle hacking as possible disasters. Derrick shares his concerns.
• [26:44] - When ransomware became a problem, we had the same questions. The threat for the worst case scenario is plausible.
• [28:31] - Derrick describes the most concerning problem he has experienced as a tester.
• [30:59] - Different cars all use the same controllers, even those without the same features.
• [32:26] - There are devices that can unlock vehicles without the key or keyfob.
• [34:18] - When there is an issue with a computer, typically there is an update to solve it. That currently isn’t the case for most vehicles.
• [35:41] - There are some updates that can happen remotely, but the catch-22 is that the wireless connection makes the vehicle susceptible to threats.
• [37:02] - There is a huge shortage of workforce in this industry.
• [38:41] - Derrick recommends the book The Car Hacker’s Handbook if you are interested in this field.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review. 

Links and Resources:

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Derrick Thiecke on Twitter
• Email Derrick Thiecke
• The Car Hacker’s Handbook by Craig Smith