Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Toyota presented PASTA (Portable Automotive Security Testbed) Car-Hacking Tool

Takuya Yoshida from Toyota’s InfoTechnology Center and his colleague Tsuyoshi Toyama are members of a Toyota team that developed the new tool, called PASTA (Portable Automotive Security Testbed). PASTA is an open-source testing platform specifically designed for car hacking, it was developed to help experts to test cyber security features of modern vehicles. At the BLACK […]

PASTA

Takuya Yoshida from Toyota’s InfoTechnology Center and his colleague Tsuyoshi Toyama are members of a Toyota team that developed the new tool, called PASTA (Portable Automotive Security Testbed).

PASTA is an open-source testing platform specifically designed for car hacking, it was developed to help experts to test cyber security features of modern vehicles.

At the BLACK HAT EUROPE 2018 held in London the duo presented the tool and confirmed that  Toyota plans to share the specifications on Github and will start selling the fully built system in Japan.

The PASTA car hacking tool is contained in an 8 kg portable briefcase, experts highlighted the delay of the automotive industry in developing cyber security for modern cars.

“The researchers integrated the tool with a driving simulator program, as well as with a model car to demonstrate some ways it can be used. PASTA also can be used for R&D purposes with real vehicles: that would allow a carmaker to test how a third party feature would affect the vehicle and its security, or reprogram firmware, for example.” reported DarkReading.

PASTA

Source: Dark Reading

Giving a close look at pasta case, we can find four ECUs inside, as well as a console to run tests of the car system operation or to carry out attacks, for example injecting CAN messages.

“There was a delay in the development of cybersecurity in the automobile industry; [it’s] late,” explained Toyama.

Now automakers including Toyota are preparing for next-generation attacks, he said, but there remains a lack of security engineers that understand auto technology.

The tool allows researchers to test communications among components of the vehicle through CAN protocol as well as analyzed engine control units (ECUs) operate of the vehicles.

Watch out, the PASTA was not designed for hacking scenarios like the one presented by the security duo Charlie Miller and Chris Valasek in 2015 when they remotely hacked a Fiat Chrysler connected car.

PASTA implements a simulation for remote operation of vehicle components and features, including wheels, brakes, windows, and other car functionalities.

“It’s small and portable so users can study, research, and hack with it anywhere.” continues the expert.

PASTA supports connections to ODBII, RS232C ports, and a port for debugging or binary hacking.

“You can modify the programming of ECUs in C” as well, he said.

Among future improvements for PASTA there is the implementation of other connectivity features, including Ethernet, LIN, and CAN FD, Wi-Fi and of course Bluetooth.

You can download slides and the research paper from the following link:

• Download Presentation Slides
• Download White Paper

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – car hacking, PASTA)

[adrotate banner=”5″]

[adrotate banner=”13″]