DEF CON 34 TALK Schedule
All talks this year will be part of DEF CON Creator Stages!
Saturday - August 8th:
-
Saturday 3:30 - 4:00 PM | Creator Stage 1
Speaker: Kangwon Lee
Someone installed Doom on an Alpitronic supercharger at Pwn2Own Automotive 2026 — via an out-of-bounds write in firmware compiled by a compiler nobody verified. This talk connects the dots between Pwn2Own exploit classes and the upstream problem: most automotive and EVSE compilers have never been independently tested against safety or security standards. I will present a map of which compilers are actually qualified, where the coverage gaps are, and why Rust's memory safety guarantees matter less than you think if the compiler itself isn't verified. The talk closes with a practical trust chain — develop, compile, verify, review — that the security community can use to evaluate toolchain integrity.
-
Saturday 4:00 - 4:30 PM | Creator Stage 1
Speaker: Yehyeong Lee
"Modern vehicles are increasingly adopting Automotive Ethernet for UDS-based diagnostics instead of CAN.
While Gateway ECUs are designed to restrict communication to specific IPs, some support DHCP to facilitate communication with diagnostic tools.
This DHCP support allows an attacker to deploy a rogue DHCP server via the OBD Ethernet interface, assigning a controlled IP to the Gateway ECU and enabling network-level attacks without any prior knowledge of the vehicle's internal network.
In this talk, we demonstrate that high-rate Layer 2/3 flooding — regardless of protocol (ARP, ICMP, UDP, TCP) — disrupts safety-critical systems including AVN, wipers, headlights, and causes abrupt stopping when shifted into Drive or Reverse, and that at higher packet rates the infotainment display blacks out and does not recover until fully powered down.
We discovered these findings on a production vehicle and have prepared a demo."
Sunday - August 9th:
-
Sunday 10:30 - 11:00 AM | Creator Stage 1
Speaker: Danilo Erazo
"Many vehicles worldwide rely on a popular aftermarket rolling code system that has long been trusted to protect against key fob cloning and unauthorized access. This talk unveils the reverse engineering journey that uncovered the protocol’s frame format, cryptographic design, and previously undocumented weaknesses. By combining a rollback vulnerability with a practical rolling code brute force attack, we demonstrate how an attacker can recover valid codes and clone a legitimate key fob. The research resulted in three CVEs assigned in 2026 and impacts products deployed across multiple markets. Attendees will learn how assumptions about rolling-code security can fail in practice and how these failures can be exploited in the real world.
-
Sunday 11:00 - 11:30 PM | Creator Stage 1
Speaker: Robbie Galfrin
Passive Keyless Entry and Start (PKES) systems allow a driver to unlock and start a vehicle without any deliberate interaction with the key, relying instead on an automated radio-frequency exchange between the key fob and the car whenever the two are in close proximity. This talk begins by explaining the operating principles of PKES and the challenge–response communication that links the fob to the vehicle, establishing the implicit trust assumption — that proximity equals legitimacy — on which the system depends. I will then describe the process of sourcing and operating a real, commercially available relay attack tool, illustrated with a demonstration video of the attack carried out against a vehicle, before presenting a research deep-dive into how the tool is constructed and how it relays the signal across distance to defeat the proximity assumption. Finally, I will discuss mitigation strategies that aim to close the gap the attack exploits.
