Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

Transportation  

Building a Car Hacking Development Workbench: Part 3

Welcome back to the car hacking development workbench series. In part two we discussed how to read wiring diagrams. In part three, we are going to expand on the workbench by re-engineering circuits and replicate signals used in your vehicle. If this is your first…

Building a Car Hacking Development Workbench: Part 2

This is part two of a three-part series. Part one covered how to build a development workbench. Part two of this series will cover reading electrical diagrams and serve as a primer for part three, where we will re-engineer common circuit types found in vehicles.…

Building a Car Hacking Development Workbench: Part 1

Introduction There is a vast body of knowledge hiding inside your car. Whether you are an auto enthusiast, developer, hobbyist, security researcher, or just curious about vehicles, building a development bench can be an exciting project to facilitate understanding and experimentation without risking possible damage…

R7-2017-02: Hyundai Blue Link Potential Info Disclosure (FIXED)

Summary Due to a reliance on cleartext communications and the use of a hard-coded decryption password, two outdated versions of Hyundai Blue Link application software, 3.9.4 and 3.9.5 potentially expose sensitive information about registered users and their vehicles, including application usernames,…

Pen Testing Cars with Metasploit and Particle.io Photon Boards

TL;DR This post details how to use the MSFRelay library for Photon boards to write your own Metasploit compatible firmware. Specifically for an add-on called Carloop. If you have a Carloop and just want it to work with Metasploit without having to write any…

Metasploit Framework Valentines Update

Valentines day is just around the corner! What could be a nicer gift for your sweetie than a bundle of new Metasploit Framework updates? The community has been as busy as ever delivering a sweet crop of sexy exploits, bug fixes, and interesting new features.…

Car Hacking on the Cheap

Metasploit's HWBrige comes with an automotive extension. This works out of the box if you happen to have a SocketCAN compatible CAN sniffer hanging around. However, if you don't have one, there is a decent chance you have a cheap sub $10 vehicle dongle in…

Rapid7's Position on the U.S. Executive Order on Immigration

On Friday, January 27th, 2017, the White House issued an Executive Order entitled, “Protecting The Nation from Foreign Terrorist Entry into The United States.”  As has been well-publicized, the Order suspends some immigration from seven Muslim-majority countries — Syria, Yemen, Sudan, Somalia, Iraq, Iran and Libya…

Exiting the Matrix: Introducing Metasploit's Hardware Bridge

Follow the white rabbit... Metasploit is an amazing tool. You can use it to maneuver through vast networks, pivoting through servers and even embedded OSes.  Having a single interface for your team and yourself to control a web of servers and networks is extremely powerful.…

12 Days of HaXmas: Year-End Policy Comment Roundup

Merry HaXmas to you! Each year we mark the 12 Days of HaXmas with 12 blog posts on hacking-related topics and roundups from the year. This year, we're highlighting some of the “gifts” we want to give back to the community. And while these gifts…

All the (moving) Things!!

Until recently, I was running a small security testing company called Theia Labs.  Theia was small, just myself and a few other contractors, but we built a solid reputation within the auto industry.  During that time, I even wrote the book the Car…

Hacking Cars is Sexy

Five years ago, if you wanted to publicly demonstrate a car hack it usually meant you would (at the very least) get a series of cease and desist letters.  Of course this made it very hard for researchers to report problems.  If a security researcher…

Rapid7 Supports Researcher Protections in Michigan Vehicle Hacking Law

Yesterday, the Michigan Senate Judiciary Committee passed a bill – S.B. 0927 – that forbids some forms of vehicle hacking, but includes specific protections for cybersecurity researchers. Rapid7 supports these protections. The bill is not law yet – it has only cleared a Committee…

Rapid7, Bugcrowd, and HackerOne file pro-researcher comments on DMCA Sec. 1201

On Mar. 3rd, Rapid7, Bugcrowd, and HackerOne submitted joint comments to the Copyright Office urging them to provide additional protections for security researchers. The Copyright Office requested public input as part of a study on Section 1201 of the Digital Millennium Copyright Act (DMCA). Our…

New DMCA Exemption is a Positive Step for Security Researchers

Today the Library of Congress officially publishes its rule-making for the latest round of exemption requests for the Digital Millennium Copyright Act (DMCA).  The advance notice of its findings revealed some good news for security researchers as the rule-making includes a new exemption to…