Last-minute paper: Remotely control cars through HTC/Volkswagen Customer-Link Bridge

Thursday 5 October 16:00 - 16:30, Red room

Spencer Hsieh (Trend Micro)
Aaron Luo (Trend Micro)

With the rapid growth of the Internet of Thing (IoT) in recent years, car makers have developed various technologies to fulfil the demand of connected cars. These Internet of Vehicle (IoV) devices are bringing better driving experiences to customers, but they are also bringing new security issues.

In this research, we will discuss attacks against the Volkswagen Customer-Link Bridge, which is an IoV device developed by HTC and Volkswagen and pre-installed on all Volkswagen cars in some markets. The device can provide customers with various functions through a mobile app or through the infotainment system in their cars. It can monitor the driving behaviour of customers and the status of their cars, as well as provide assistance to find parking lots, gas stations, roadside assistance, and service centres.

We will talk about the vulnerabilities of this system from different aspects, such as the mobile app, wireless communication protocol, firmware, hardware, and in-car network. First, we will discuss the vulnerabilities of the mobile app and how we managed to exploit the Bluetooth communication and over-the-air update mechanism. Then, we will talk about how we bypassed the hardware protection to dump the firmware by identifying a backdoor through firmware analysis. After that, we will explain the checksum protection of firmware and how it can be circumvented. Finally, we will demonstrate how the firmware can be modified to send out arbitrary CAN bus messages and exploit ECUs to remotely control the windows of a car. We will also discuss the approaches and tools, such as logic analyser, JLink, KDS and IDA Pro, used to analyse and discover these issues. Possible countermeasures and enhancements for these issues will also be discussed. 



Spencer Hsieh

Spencer Hsieh is a security researcher at Trend Micro. He joined Trend Micro's Threat Solution Research team in 2009. His areas of expertise include cyber threats, IoT security, incident response, investigation of targeted attacks, malware analysis and exploitation techniques. His current research focuses on areas of emerging threats and IoT security. He has presented research at several security conferences, including VB.



Aaron Luo

Aaron Luo is a security researcher at Trend Micro. He joined Trend Micro's Cyber Safety Solution team in 2015. Aaron began his security research in 2005 and is active in the information security communities in Taiwan. He has had several research papers published in HITCON, UISGCON, CLOUDSEC, SYSCAN360 and DEF CON.












Other VB2017 papers

Walking in your enemy's shadow: when fourth-party collection becomes attribution hell

Juan Andres Guerrero-Saade (Kaspersky Lab)
Costin Raiu (Kaspersky Lab)

Attribution is complicated under the best of circumstances. Sparse attributory indicators and the possibility of overt…

The state of cybersecurity in Africa: Kenya

Tyrus Kamau (Euclid Consultancy)

The cyber threats Kenya faces range from basic hacking such as website defacements, financial fraud, social media account…

Keynote address: Inside Cloudbleed

John Graham-Cumming (Cloudflare)

In February 2017, Cloudflare was revealed to have been leaking private information including HTTP headers, cookies and POST data…