Meet Salinas, the first ever SMS-commanded Car Infotainment RAT

Presented at REcon 2018, June 15, 2018, 5 p.m. (60 minutes).

Nowadays any recent car up to 5 years old comes with something called “Infotainment”, this is that IPad-looking screen that allows you to use the GPS Navigation, select your favorite music from your IPod, make or receive calls while speaking through the Car’s speakers, or even ask the Car to read a SMS message for you, that along with the latest self-driving technologies popping up everywhere cannot longer be handled by a microcontroller, it requires an embedded OS to support all those features and therefore the world started worrying about the possibility to get Ransomware on the Car or an Infostealer reading all your SMS messages while you are driving, or triggering a DoS on the CAN Bus so that the Car cannot work properly, etc. All those scenarios used to be hypothetical until now, we grabbed an infotainment, broke into it and reversed engineer all its main components with one goal in mind: to infect the Infotainment with malware that can be commanded remotely through SMS messages.


Presenters:

  • Ken Hsu
    Ken Hsu is an independent researcher doing exploit and malware analysis during the day and hacking random stuff at night
  • Gerardo Iglesias
    Gerardo Iglesias is a security researcher currently working as a malware analyst. He has professional experience with pen-testing, vuln-dev and network security.
  • Daniel Regalado
    Daniel Regalado is a security researcher with extensive experience as a malware analyst. He works at Zingbox, as Principal Researcher.

Links:

Tags:

Similar Presentations: