Thursday, March 28, 2024

PASTA – A New Car Hacking Tool Developed by Toyota to Test The Security Vulnerabilities

Toyota builds a new car hacking tool called PASTA (Portable Automotive Security Testbed) an open source tool for researchers to test the security vulnerabilities in modern cars.

A Team of security researchers from Toyota carried a tool box to present their research in BLACKHAT EUROPE 2018, London and they demonstrate the PASTA testing platform in front of blackhat audience.

Cyber criminals often compromising the cars since everything connected to the Internet, a poor security configuration or poor programming of the devices open the possibility of an attack that alters the functions of the vehicle, remotely gaining control of it.

Also still its challenging in case of automated driving, securing vehicles that running under sophisticated driving-assist technologies against cyber attacks.

Toyota’s building this tool to perform security testing automobile manufacturers to perform testing and exposing holes in the automated and networked features in their vehicles.

                                                                                  Structure of PASTA

PASTA car hacking tool is contained in an 8 kg portable briefcase and they integrated with a driving simulator program

Toyota security researchers propose this tools by Considering some important requirement including, security electronic control unit (ECU)  by places tough restrictions in order to test vulnerabilities and exploits.

An electronic control unit (ECU) is at the center of the development of cybersecurity technology, and each supplier develops its own automotive information security technology for ECUs in its own environment.

In this case, anyone will be able to apply technology and evaluate that technology with ECU when creating a platform with transparent ECUs with high adaptability.

Toyota researcher said during the demonstration, “Simulating an actual vehicle through hardware is also required for assessing threats of cyberattacks. We need not only to provide an adaptable platform for developing measures for existing cybersecurity but also simulate any function in actual vehicles using white-box ECUs.”

It simulates the remote operation of wheels, brakes, windows, and other car features rather than “the real thing,” for safety reasons. “It’s small and portable so users can study, research, and hack with it anywhere.”

Driving simulator connected to PASTA

Researchers believe that Car Hacking Tool PASTA has the possibility to contribute to a comprehensive development platform against vehicle cyberattacks.

Also, Toyota plans to share the specifications on Github, as well as initially Toyota sell the fully built system in Japan.

Please find the complete white paper and Presentation for Car Hacking Tool project.

• Download Presentation Slides
• Download White Paper

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Website

Latest articles

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles