Security issues of IoV devices

Friday 5 October 14:30 - 15:00, Red room

Spencer Hsieh (Trend Micro)
Aaron Luo (Trend Micro)



As more and more devices are connected to the internet, automotive electronics manufacturers and car makers are also trying to develop new products to fulfil the demand of connected cars. These Internet of Vehicle (IoV) devices are bringing better driving experiences to customers, but they are bringing new security issues at the same time.

To evaluate the security of the IoV devices on the market, we first identified several potential attack vectors against IoV devices and several key components of a connected car, including remote keyless systems, in-vehicle infotainment (IVI) systems, and OBD2 dongles. In order to expose the potential risk of these factors, we have also tried to hack some of these devices and discovered several vulnerabilities, including CVE-2018-1170.

In this presentation, we will first discuss the potential attack vectors we have identified and possible scenarios to exploit these issues. Then, we will discuss the IoV devices that we have tried to hack and the approaches we used. We will talk about the vulnerabilities of these devices from different aspects, such as the corresponding mobile apps, wireless communication protocols, firmware, hardware, and their connections to CAN bus. We will explain how to tamper mobile apps, exploit Bluetooth communication and over-the-air update mechanisms. We will also talk about how we dumped the firmware, bypassed the hardware firmware protection, discovered the development backdoor, and circumvented the checksum protection. Finally, we will talk about using CAN bus messages to achieve remote car controlling, such as unlocking doors, lowering windows, and folding rear view mirrors.

We will introduce the tools, such as logic analyzer, JLink, KDS and IDA Pro, used to analyse and discover these issues as well. Details of the CVE-2018-1170 will also be covered.



Other VB2018 papers

Tracking Mirai variants

Ya Liu (Qihoo)
Hui Wang (Qihoo)

From drive-by download to drive-by mining: understanding the new paradigm

Jérôme Segura (Malwarebytes)

Who wasn’t responsible for Olympic Destroyer?

Paul Rascagneres (Cisco Talos)
Warren Mercer (Cisco Talos)