Nmap Development mailing list archives
GSOC'16 ideas on IoT discovery scripts
From: Yernat Yestekov <yestekov () gmail com>
Date: Mon, 21 Mar 2016 19:00:20 +0600
[Estimated time to read: ~3 min]

Hello NMAP community, my name is Yernat. I'm a student from Kazakhstan with 3+ years of work experience in cryptography and information security (to save your time, I put my background information at the end of the letter). I'm applying for the GSoC discovery scanning script developer position. I would like to discuss my proposal and hear some feedback from you.

In general, my idea is to focus on IoT discovery, specifically on car on-board systems. Many cars are connected to the internet through built-in systems (e.g. Tesla, Jeep) or through peripheral devices (e.g. insurance or tracking dongles). I'm quite familiar with the latter. Such dongles are usually connected to the On-Board Diagnostic port (standard on almost any car), giving possible access to the car's internal Controller Area Network (CAN). CAN carries information to and from the electronic control units (ECUs) that control the steering, brakes, transmission, and almost any other electronically enabled system in the car.

So, there should be a number of scripts that will discover such dongles, their specs (OS, open ports, etc.) and possibly the car's internal information. Such information can give a nice attack surface for pentesters. Currently, I'm not aware of any software or service doing something like that (Shodan maybe?). It can become a nice feature unique to NMAP.

Moreover, I have already secured access to testing hardware. My friend is the founder of a startup that uses such dongles to collect information from cars in the cloud. He has a couple dozen dongles from different manufacturers for testing purposes and is ready to share them with me.

More detailed plans:

- fingerprinting all devices available to me. Based on preliminary research I expect about 10-20 new fingerprints for nmap-os-db.
- classifying devices by OS, hardware, and other specs to see if there are groups of similar devices, like in the CCTV market, where one manufacturer produces cameras for 20+ different companies with slightly different software and appearance (and bugs too :)
- a script that would discover connected dongles and check what information from the vehicle is available. It will require quite a lot of work to translate OBD's raw information into a human-friendly format.
- maybe some exploitation scripts, something similar to [1] or [2].
- .... any other ideas or suggestions from the community?

I will appreciate your help and mentoring.

*whoami:* I did my master's degree in CS with a focus on cryptography at the University of North Texas. I hold several certifications such as CCNA, NFOSEC CNSS 4011 and 4013 (equivalent of CCNA Security), and others. I have worked a couple of years as a consultant on information security, mostly on applied crypto stuff, and as an engineer in the telecom industry, so I'm quite familiar with L2 and L3 networking. I'm also a startup founder, a recently failed one. So now I have some spare time for what I really like (3l337 ]-[@xx). Just kidding, it is mostly coding and playing around with math.

I'm available via yestekov () gmail com and IRC: doublewhy at freenode.

Thanks and looking forward to your feedback!

Best regards,
Yernat

[1] http://arstechnica.com/security/2010/05/car-hacks-could-turn-commutes-into-a-scene-from-speed/
[2] http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
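The "translate OBD's raw information to human-friendly format" step in the plan above is a parsing problem before it is an Nmap problem. The block below is an added example (not the author's code and not part of Nmap) showing the shape of that translation for SAE J1979 mode 01 responses; the PID table is a small subset of the public standard, and every sample frame is constructed rather than captured from a vehicle.

```python
# Added example: decode SAE J1979 (OBD-II) mode 01 responses, the raw form
# in which an OBD dongle relays readings from the car's CAN bus.
# All sample frames here are constructed for illustration.

# A mode 01 ("show current data") request is answered with mode byte 0x41.
RESPONSE_MODE_CURRENT_DATA = 0x41

# PID -> (name, unit, data length in bytes, decoder over the data bytes)
PID_TABLE = {
    0x05: ("coolant_temp", "degC", 1, lambda d: d[0] - 40),
    0x0C: ("engine_rpm", "rpm", 2, lambda d: (256 * d[0] + d[1]) / 4),
    0x0D: ("vehicle_speed", "km/h", 1, lambda d: d[0]),
    0x11: ("throttle_position", "%", 1, lambda d: d[0] * 100 / 255),
    0x2F: ("fuel_level", "%", 1, lambda d: d[0] * 100 / 255),
}

def decode_mode01_response(hex_frame):
    """Decode one response given as hex text, e.g. '41 0C 1A F8'.
    Returns a dict with pid, name, value and unit; raises ValueError on bad input."""
    data = bytes.fromhex(hex_frame.replace(" ", ""))
    if len(data) < 2:
        raise ValueError("frame too short to hold mode and PID bytes")
    if data[0] != RESPONSE_MODE_CURRENT_DATA:
        raise ValueError(f"unexpected mode byte 0x{data[0]:02X}")
    pid = data[1]
    if pid not in PID_TABLE:
        raise ValueError(f"unsupported PID 0x{pid:02X}")
    name, unit, length, decoder = PID_TABLE[pid]
    payload = data[2:]
    if len(payload) < length:
        raise ValueError(f"PID 0x{pid:02X} needs {length} byte(s), got {len(payload)}")
    return {"pid": pid, "name": name, "value": decoder(payload[:length]), "unit": unit}

def decode_log(lines):
    """Decode many frames; malformed or unknown ones are collected as errors
    instead of aborting the whole log."""
    readings, errors = [], []
    for line in lines:
        try:
            readings.append(decode_mode01_response(line))
        except ValueError as exc:
            errors.append((line, str(exc)))
    return readings, errors

# Constructed sample frames (not captured from a real vehicle).
SAMPLE_FRAMES = ["41 0C 1A F8", "41 0D 3C", "41 05 7B", "41 11 80", "41 FF 00", "41"]

if __name__ == "__main__":
    ok, bad = decode_log(SAMPLE_FRAMES)
    print(ok, bad)
```

Real dongles differ in framing (ELM327-style ASCII, raw ISO-TP, vendor JSON), so in practice this decoder sits behind a per-device transport layer that extracts the mode/PID/data bytes first.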
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/