2-day live event, 15 participants, 1 question: Can you find possible vulnerabilities which allow tampering while remaining undetected?

Overview

Malicious tampering with environmental protection systems turns very clean vehicles into heavy polluters. In the European project DIAS, countermeasures are developed to harden vehicles against malicious tampering and this needs to be thoroughly tested. That is why we invited creative, ingenious and skilled people to evaluate our solutions. A hacking event was organized where participants put the new and improved security features to the test!

Event description

The “Hack-A-Truck Part 2” Hackathon was held on March 2022 in Rotterdam, Netherlands. The former yard of the Rotterdamsche Droogdok Maatschappij (RDM) in the middle of the port was the perfect place for such an event.

The target was to evaluate the new features for tampering prevention and detection that have been added since the first hacking event (May 2021). Hack-a-Truck part 2 revolved around a new system that reports information about a possible tampering suspicion wirelessly to a cloud or a supervising entity, to enable fast and easy detection and reporting of tampering of connected vehicles. Participants had to do their best against the cutting-edge technologies implemented in DIAS countermeasures! The event was divided into two parts: an online preparatory session and a 2-day hybrid event. In the first session, the 15 external independent participants, ranging from students to professional ethical hackers with expertise in automotive communication and security, got up to speed with training sessions on the latest environmental protection systems and the newly developed state-of-the-art countermeasures.

During the 2-day hybrid (physical and in-person) event, the participants worked in 2 testbeds that were prepared by DIAS partners: one on the in-vehicle communication of control units and one on the wireless communication between the in-vehicle control units and the cloud. These testbeds involved:

1.    (man-in-the-middle attacks on) CAN-bus, Autosar SecOC, Firewall and Intrusion Detection System

2.    HTTP and SSI

A pool of DIAS experts from amongst others Bosch, FEV and UMFST were present during the event to answer questions and provide early feedback for the hacking attempts.

The event concluded with the presentations from the participants about their findings and an extensive discussion with DIAS experts. At first glance, no system breaking hacks were found. DIAS experts are further analyzing the received input to improve the DIAS countermeasures.

Thank you!

The DIAS project would like to warmly thank all the participants, the mentors, the experts and the TNO’s staff that helped this hackathon become a reality! Your efforts gave birth to a result that is of paramount importance to the fruition of our project!