“3PO” is GRIMM’s mobile car hacking lab. Since nearly every modern car is Internet-connected, you no longer need physical access to break out of, or break into a vehicle. Hackers prove vehicles are not only insecure from a cybersecurity perspective, but because of that, also unsafe. From controlling the steering, accelerating, braking, and communications, this presents an extremely large attack surface. As automotive original equipment manufactures (OEM) and their Tier 1 direct suppliers have become more aware of the threat, their need for end-to-end hardware and software vulnerability assessments has grown. In an industry where most companies just tell you you have a problem, we created 3PO to actually demonstrate the problem, as well as raise awareness and help train folks while at conferences and exhibits.
It might not look like it, but 3PO is actually a fully-working car. Sure, it folds up into a box for easy transport, but it is made up of the Electronic Control Units (ECUs) from a 2012 Ford Focus. It acts as a great test-bed for reverse-engineering and hacking on automobiles and is a good way to learn how to secure embedded devices, and the complexities of IoT. At conferences we provide the tools and step-by-step instructions for non-technical folks to easily walk through CAN bus exploitation. Seriously, we put one of the engineers non-engineer wife on it to ensure it was easy enough for anyone without technical skill (e.g. the “spouse test”). We encourage attendees to bring their own tools and agenda or use the ones provided by GRIMM, but most importantly, to sit down and try it out!