Sheila Ayelen Berta

Sheila Ayelen Berta is an Information Security Specialist and Developer who began on her own at 12 years old. At the age of 15, she wrote her first book about Web Hacking, published by RedUSERS Editorial in different countries. Over the years, Sheila has discovered several vulnerabilities in popular web applications such as Facebook, LinkedIn, Hotmail, ImageShack and others. Currently, Sheila works at Eleven Paths as a Security Researcher specialized in web application security, malware analysis and exploit writing. She is also a developer in ASM x86, AutoIT, C/C++, Python and the most popular web application technologies. Additionally, Sheila is a Security Researcher at UdeMM University, where she leads projects on technology and cybersecurity. Sheila is an international speaker who has presented her research at important security conferences such as Black Hat Europe Arsenal, Ekoparty Security Conference, OWASP Latam Tour, APPSEC Latam, DragonJARCon and others.

Talk: The Bicho, an advanced CAN Backdoor Maker

Have you ever thought about the possibility of your car being automatically attacked based on its GPS coordinates, its current speed or any other set of parameters? Throughout our investigation, we have successfully developed a hardware backdoor for the CAN bus, called "The Bicho", which makes all of the above possible. The "magic" is in the firmware developed for a PIC18F2580 microcontroller. Additionally, "The Bicho" comes with software named "Car Backdoor Maker" that allows the customization of attack payloads through a very intuitive graphical interface. The backdoor supports multiple payloads and can be used against any vehicle supporting CAN, without restriction, regardless of manufacturer or model. Each payload is associated with a command that can be executed via SMS, allowing attacks to be carried out remotely from anywhere in the world. In addition, as an advanced feature, the attack payload can be set up to execute automatically once the victim's vehicle is near a specific GPS location. The execution can also be triggered by detecting the transmission of a particular CAN frame, which could be associated with the vehicle's speed, its fuel level and other factors, providing the means to design highly sophisticated attacks and execute them remotely.