Block Harbor’s Ayyappan Rajesh on Advanced RF Exploitation Techniques for Automotive Systems episode artwork

EPISODE · Apr 22, 2025 · 34 MIN

Block Harbor’s Ayyappan Rajesh on Advanced RF Exploitation Techniques for Automotive Systems

from Ahead of the Breach · host Sprocket

From intercepting key fob signals with HackRF devices to setting up rogue cellular networks with USRP transceivers, Ayyappan Rajesh, Offensive Security Engineer at Block Harbor Cybersecurity, takes Casey deep into the technical underbelly of wireless security testing in this illuminating episode of Ahead of the Breach.  As an offensive security engineer with Block Harbor's VCL team, Ayyappan specializes in testing "everything that has a radio on it" — from automotive systems operating at 315 MHz to Bluetooth-enabled tire pressure monitoring systems and cellular networks requiring sophisticated Faraday cage environments. He shares how teams can intercept SPI and I2C communications to extract firmware directly from chips, implement GPS spoofing using NASA satellite constellation data, and why many vulnerabilities now require physical access rather than just wireless interception. Topics discussed: The evolution of RF exploitation from replay to rollback methodologies that deliberately desynchronize key fob counter synchronization, allowing security testers to exploit implementation weaknesses rather than breaking encryption algorithms directly. Hardware-based firmware extraction techniques using direct chip interfaces that bypass wireless protections entirely, revealing how security researchers connect via SPI and I2C protocols to obtain proprietary algorithms from automotive security chips. Lateral movement strategies from infotainment systems to critical vehicle controls through careful analysis of gateway implementations that act as rudimentary firewalls between entertainment and control networks. Creating isolated cellular test environments using programmable SIM infrastructure and open-source base stations that enable comprehensive security testing without FCC violations through controlled Faraday environments. Manipulating GPS-dependent systems through satellite constellation spoofing that leverages NASA ephemeris data processed through GPS-SDR-SIM to generate deceptive signals targeting both location and time-dependent security controls. Building cost-effective wireless security testing labs that leverage increasingly affordable software-defined radio platforms like HackRF and USRPs, enabling more researchers to conduct sophisticated wireless security assessments. Leveraging automotive security education resources like the Cyber Auto Challenge that provide aspiring security researchers with manufacturer-supported environments for learning without the significant financial barriers traditionally associated with automotive security testing.

From intercepting key fob signals with HackRF devices to setting up rogue cellular networks with USRP transceivers, Ayyappan Rajesh, Offensive Security Engineer at Block Harbor Cybersecurity, takes Casey deep into the technical underbelly of wireless security testing in this illuminating episode of Ahead of the Breach.  As an offensive security engineer with Block Harbor’s VCL team, Ayyappan specializes in testing ”everything that has a radio on it” — from automotive systems operating at 315 MHz to Bluetooth-enabled tire pressure monitoring systems and cellular networks requiring sophisticated Faraday cage environments. He shares how teams can intercept SPI and I2C communications to extract firmware directly from chips, implement GPS spoofing using NASA satellite constellation data, and why many vulnerabilities now require physical access rather than just wireless interception. Topics discussed: - The evolution of RF exploitation from replay to rollback methodologies that deliberately desynchronize key fob counter synchronization, allowing security testers to exploit implementation weaknesses rather than breaking encryption algorithms directly. - Hardware-based firmware extraction techniques using direct chip interfaces that bypass wireless protections entirely, revealing how security researchers connect via SPI and I2C protocols to obtain proprietary algorithms from automotive security chips. - Lateral movement strategies from infotainment systems to critical vehicle controls through careful analysis of gateway implementations that act as rudimentary firewalls between entertainment and control networks. - Creating isolated cellular test environments using programmable SIM infrastructure and open-source base stations that enable comprehensive security testing without FCC violations through controlled Faraday environments. - Manipulating GPS-dependent systems through satellite constellation spoofing that leverages NASA ephemeris data processed through GPS-SDR-SIM to generate deceptive signals targeting both location and time-dependent security controls. - Building cost-effective wireless security testing labs that leverage increasingly affordable software-defined radio platforms like HackRF and USRPs, enabling more researchers to conduct sophisticated wireless security assessments. - Leveraging automotive security education resources like the Cyber Auto Challenge that provide aspiring security researchers with manufacturer-supported environments for learning without the significant financial barriers traditionally associated with automotive security testing.

NOW PLAYING

Block Harbor’s Ayyappan Rajesh on Advanced RF Exploitation Techniques for Automotive Systems

0:00 34:09

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of Ahead of the Breach?

This episode is 34 minutes long.

When was this Ahead of the Breach episode published?

This episode was published on April 22, 2025.

What is this episode about?

From intercepting key fob signals with HackRF devices to setting up rogue cellular networks with USRP transceivers, Ayyappan Rajesh, Offensive Security Engineer at Block Harbor Cybersecurity, takes Casey deep into the technical underbelly of...

Can I download this Ahead of the Breach episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!