Exploit Story | AutoRFKiller The Tool That Unlocked Thousands of Cars and Earned Me Two CVEs

Описание: This session presents the development and impact of AutoRFKiller, a tool designed to exploit vulnerabilities in cars using learning code RF (radio frequency) technology for remote locking and unlocking. Over more than a year, the discovery and testing process culminated in responsible disclosure, resulting in two CVEs officially published by ASRG in June 2025.

Attendees will gain a behind-the-scenes look at RF car hacking, the technical challenges of automating the exploit, and the complex process of coordinating with vendors for responsible disclosure. The talk also includes the public release of AutoRFKiller, offering a unique insight into real-world automotive cybersecurity, exploitation, and vulnerability management.

About the Speaker:

Danilo Erazo is an independent Security Researcher from Ecuador, with experience in developing electronic devices, pentesting, software development, reverse engineering and hardware hacking.

He is currently engaged in research into embedded devices and automotive systems, he is a volunteer in the DEFCON CHV. He is the founder of the Car Hacking Village at Ekoparty, the founder of the security conference PWN OR DIE in Ecuador and the founder of his own company Reverse Everything. He has been a speaker at major international cybersecurity events, including DEFCON33, Recon 2025, Hardwear USA 2025, DEFCON 32, Ekoparty, Bsides and more.