Killdozer

This talk will discuss the results of a black box security engagement of a commercial, embedded system that is retrofitted to construction vehicles worldwide to enable Internet connectivity and provide advanced functionality to aid operators and automation for construction projects.

Sure hacking cars is cool but what would you do if you could hack a 100 ton construction vehicle like a bulldozer, a backhoe, a grader or an excavator? Could you create a botnet of diggers, make a new autobahn to your house or simply flatten your favourite government building?

This talk will discuss the results of a black box security engagement of a commercial, embedded system that is retrofitted to construction vehicles worldwide to enable Internet connectivity and provide advanced functionality to aid operators and automation for construction projects. What types of attacks are possible against these systems and what kind of attacks would be profitable or damaging?

The methodology used will be detailed; from gaining privileged access, dumping firmware, reverse engineering through fuzzing to finally developing relevant attacks for this type of smart vehicle - the Killdozer.

About the Speaker