Hardwear.io Security Trainings and Conference USA 2026

  • 26th – 30th May 2026
  • Santa Clara Marriott, USA
Share:
Intermediate

Connected Car Hacking

Training Objectives

Modern vehicles embed various connectivity to enhance the driver experience. Have you ever wondered how the Infotainment unit works, what data is stored and could be retrieved ? How does the car interact with a back-end server to offer connected services, and what are the Electronic Control Units (ECU) managing those features?

The goal of this training is to share our experience in assessing connected cars and the techniques we used. Participants will learn how to evaluate key components of modern vehicles’ connectivity, both on the hardware and on the software side, focusing mostly on the In-Vehicle Infotainment (IVI) and the Telematic Control Unit (TCU).

The training is organized around hands-on exercises reproducing real cases we worked on, covering the main steps of the assessment of a connected vehicle, from setting a test bench, recovering ECUs firmware/filesystem to analyse them and interacting with the various connectivity to exploit vulnerabilities.

Upon completion of this training, participants will be able to set their own automotive test bench, perform vulnerability research/pentesting on connected ECUs, applying techniques learnt during the various exercises.

Key Learning Objectives

  • Learn how to set an automotive test bench
  • Understand how In-Vehicle Infotainment and Telematic Control Units work
  • Being able to extract ECU filesystem/firmware and analyze them
  • Exploiting various attack surfaces

Detailed Description

During this 3-day course, participants will work on custom hardware mimicking key ECUs of a connected car, through 4 different modules. Each module has several hands-on exercises to practice and understand techniques that will be taught. First, attendees will learn how to set an automotive test bench, to be able to create their own or craft a car-in-a-box.

Once the test bench is working, a day will be dedicated to delve into In-Vehicle Infotainment unit, which expose the wider attack surface through its USB, Bluetooth and Wi-Fi connectivity. Participants will learn how to extract an IVI filesystem without using a chip-off technique and analyze it to find out how to activate the Engineer mode. We will also look at how we can emulate an USB device.

Network connectivity of a modern vehicle is managed by the TCU and trainees will learn how to set an LTE test network and how to modify the ECU to intercept communication and mimic a back-end server to interact with the ECU. Participant will also learn how to exploit the hardware architecture of such equipment in order to bypass a security.

Module 1 – building an automotive test bench
  • Which ECU to select and how to collect them
  • Gathering OEM technical documentation to identify ECU pinout
  • Analysis of ECU internal
  • Wiring up the bench
  • Analysis of the main buses (CAN-FD, 10Base-T1S)
  • Bypassing miscellaneous protection
  • Emulating sensors
Module 2 – Hacking IVI
  • Hardware architecture
  • Extracting IVI filesystem
  • Recovering Personally Identifiable Information
  • Searching and enabling Engineer mode
  • Introduction to Android Automotive
  • Emulating USB devices to assess USB connectivity
Module 3 – Hacking TCU
  • Hardware architecture
  • Dump TCU filesystem
  • Exploit on-board communication to bypass ECU protection
  • Connect TCU to a LTE test network
  • Setting up a LTE test network
  • Intercept data from the TCU and redirect communications
  • Mimic a secured backend server to interact with the TCU

Who Should Attend?

  • Security researchers interested in automotive
  • Automotive engineers
  • Hardware hackers who want to get into car connectivity
  • Forensic investigators/government officers

Prerequisites

  • Basic knowledge of Linux operating system
  • Basic Python programming
  • Basic knowledge of hardware communication protocols (SPI)
  • Basic reverse-engineering knowledge
  • Basic knowledge of CAN network (how to read/write on a CAN bus) and UDS protocol will be a plus

Software & Hardware Requirements

  • Laptop with at least two free USB-A ports (or a USB-C dongle with at least two USB-A ports)
  • VMPlayer or VirtualBox to use the provided x86/64 VM with all the tools pre-installed (no Apple Silicon MAC)

What You Get

During the training several adapters and equipment will be provided to work on the various attack surfaces (CAN-FD, Automotive Ethernet, BLE, emulated LTE…).

The students will receive:

  • Course material
  • Adapter to dump eMMC chips
  • A programmable SIM card and an adapter to swap TCU eSIM
  • A USB to CAN adapter to interact with ECUs and control their future test benchs

Training Details

  • Date: 26th to 28th May 2026
  • Time: 9:00am to 5:00pm PDT
  • Venue: Santa Clara Marriott
  • Level: Intermediate
Register Now

About Trainer

Philippe AZALBERT

Philippe AZALBERT (@Phil_BARR3TT) is a security researcher leading the automotive activity at Quarkslab. He works for several years on car security and his research interests also lie in embedded devices, fault injection and software defined radio. He loves to animate Car Hacking events in conference, through workshops or dedicated CTF challenges and presented several talks regarding ECU hacking.