EPISODE · Apr 22, 2025 · 34 MIN
Block Harbor’s Ayyappan Rajesh on Advanced RF Exploitation Techniques for Automotive Systems
from Ahead of the Breach · host Sprocket
From intercepting key fob signals with HackRF devices to setting up rogue cellular networks with USRP transceivers, Ayyappan Rajesh, Offensive Security Engineer at Block Harbor Cybersecurity, takes Casey deep into the technical underbelly of wireless security testing in this illuminating episode of Ahead of the Breach. As an offensive security engineer with Block Harbor's VCL team, Ayyappan specializes in testing "everything that has a radio on it" — from automotive systems operating at 315 MHz to Bluetooth-enabled tire pressure monitoring systems and cellular networks requiring sophisticated Faraday cage environments. He shares how teams can intercept SPI and I2C communications to extract firmware directly from chips, implement GPS spoofing using NASA satellite constellation data, and why many vulnerabilities now require physical access rather than just wireless interception. Topics discussed: The evolution of RF exploitation from replay to rollback methodologies that deliberately desynchronize key fob counter synchronization, allowing security testers to exploit implementation weaknesses rather than breaking encryption algorithms directly. Hardware-based firmware extraction techniques using direct chip interfaces that bypass wireless protections entirely, revealing how security researchers connect via SPI and I2C protocols to obtain proprietary algorithms from automotive security chips. Lateral movement strategies from infotainment systems to critical vehicle controls through careful analysis of gateway implementations that act as rudimentary firewalls between entertainment and control networks. Creating isolated cellular test environments using programmable SIM infrastructure and open-source base stations that enable comprehensive security testing without FCC violations through controlled Faraday environments. Manipulating GPS-dependent systems through satellite constellation spoofing that leverages NASA ephemeris data processed through GPS-SDR-SIM to generate deceptive signals targeting both location and time-dependent security controls. Building cost-effective wireless security testing labs that leverage increasingly affordable software-defined radio platforms like HackRF and USRPs, enabling more researchers to conduct sophisticated wireless security assessments. Leveraging automotive security education resources like the Cyber Auto Challenge that provide aspiring security researchers with manufacturer-supported environments for learning without the significant financial barriers traditionally associated with automotive security testing.
What this episode covers
From intercepting key fob signals with HackRF devices to setting up rogue cellular networks with USRP transceivers, Ayyappan Rajesh, Offensive Security Engineer at Block Harbor Cybersecurity, takes Casey deep into the technical underbelly of wireless security testing in this illuminating episode of Ahead of the Breach. As an offensive security engineer with Block Harbor’s VCL team, Ayyappan specializes in testing ”everything that has a radio on it” — from automotive systems operating at 315 MHz to Bluetooth-enabled tire pressure monitoring systems and cellular networks requiring sophisticated Faraday cage environments. He shares how teams can intercept SPI and I2C communications to extract firmware directly from chips, implement GPS spoofing using NASA satellite constellation data, and why many vulnerabilities now require physical access rather than just wireless interception. Topics discussed: - The evolution of RF exploitation from replay to rollback methodologies that deliberately desynchronize key fob counter synchronization, allowing security testers to exploit implementation weaknesses rather than breaking encryption algorithms directly. - Hardware-based firmware extraction techniques using direct chip interfaces that bypass wireless protections entirely, revealing how security researchers connect via SPI and I2C protocols to obtain proprietary algorithms from automotive security chips. - Lateral movement strategies from infotainment systems to critical vehicle controls through careful analysis of gateway implementations that act as rudimentary firewalls between entertainment and control networks. - Creating isolated cellular test environments using programmable SIM infrastructure and open-source base stations that enable comprehensive security testing without FCC violations through controlled Faraday environments. - Manipulating GPS-dependent systems through satellite constellation spoofing that leverages NASA ephemeris data processed through GPS-SDR-SIM to generate deceptive signals targeting both location and time-dependent security controls. - Building cost-effective wireless security testing labs that leverage increasingly affordable software-defined radio platforms like HackRF and USRPs, enabling more researchers to conduct sophisticated wireless security assessments. - Leveraging automotive security education resources like the Cyber Auto Challenge that provide aspiring security researchers with manufacturer-supported environments for learning without the significant financial barriers traditionally associated with automotive security testing.
NOW PLAYING
Block Harbor’s Ayyappan Rajesh on Advanced RF Exploitation Techniques for Automotive Systems
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Mar 19, 2026 ·34m
Feb 18, 2026 ·11m
Feb 11, 2026 ·45m