Death By A Thousand Cuts: Compromising Automotive Systems via Vulnerability Chains

Presented at CanSecWest 2024, March 22, 2024, 12:30 p.m. (60 minutes).

In recent years, with the continuous development of electric vehicles (EV), intelligent networking and traditional auto manufacturing have collided intensely, blurring the boundary between cyber security and physical security. In the past, many attacks against cars focused on car keys, but nowadays, are cars adequate to deal with attacks from the internet? In this presentation, our goal is to hack an EV without physical contact, as these vehicles have surpassed 11 million in cumulative global production and sales. We will introduce our team's black box security testing on several new energy vehicle models, starting from a situation where we had no debugging access, to finally chaining multiple vulnerabilities together into exploit chains for stealing the vehicle through an attack. First, we will introduce how we discovered multiple RCE vulnerabilities and privilege escalation vulnerabilities in several vehicle models. Next, we will present how to utilize in-vehicle communication technologies for post-exploitation attacks, such as controlling vehicle components like doors and windows, and even bypassing the PEPS vehicle start authorization system using vulnerabilities. In addition, we will discuss how to expand the attack surface of vehicles and broaden the impact of RCE for contactless attacks. Finally, we will draw conclusions and provide perspectives on EV security, as well as offer security recommendations to automakers.

Presenters:

  • Linfeng Xiao - Xiaomi
    肖临风 Linfeng Xiao (@0xp0kerface) is a Security Researcher at Xiaomi ShadowBlade Security Lab. He focuses his research on binary and wireless security. He is a speaker at security conferences including HITBSecConf and KCon. He has contributed vulnerabilities to companies like Facebook, Huawei and others.
