February 3, 2017
Popular offensive hacking toolkit Metasploit now works on hardware, including cars, after a major update to the 13-year old platform.
The free-or-paid modular hacking machine now sports plenty of CVE-specific exploitation components that security professionals have long-used for penetration tests and research.
An update to the Hardware Bridge API means the platform will now work on variety of hardware including vehicles’ CAN buses, one of the main entry points through which cars can be hacked.
Rapid7 transportation security research director Craig Smith says Metasploit can be trained to work with almost any vehicle interface.
“Metasploit condensed a slew of independent software exploits and tools into one framework and now we want to do the same for hardware,” Smith says.
“The Hardware Bridge API extends Metasploit’s capabilities into the physical world of hardware devices.
“Much in the same way that the Metasploit framework helped unify tools and exploits for networks and software, the Hardware Bridge looks to do the same for all types of hardware.”
Smith says hackers says Metasploit will offer several interactive vehicle-related commands for cars that sport CAN buses.
It is he says designed so that exploit developers can focus on writing automotive tools and less on the attached hardware.
Common automotive calls are also easier, including obtaining car speed or gaining security access tokens from engine control units.