Friday 5 October 14:30 - 15:00, Red room
Spencer Hsieh (Trend Micro)
As more and more devices are connected to the internet, automotive electronics manufacturers and car makers are also trying to develop new products to fulfil the demand of connected cars. These Internet of Vehicle (IoV) devices are bringing better driving experiences to customers, but they are bringing new security issues at the same time.
To evaluate the security of the IoV devices on the market, we first identified several potential attack vectors against IoV devices and several key components of a connected car, including remote keyless systems, in-vehicle infotainment (IVI) systems, and OBD2 dongles. In order to expose the potential risk of these factors, we have also tried to hack some of these devices and discovered several vulnerabilities, including CVE-2018-1170.
In this presentation, we will first discuss the potential attack vectors we have identified and possible scenarios to exploit these issues. Then, we will discuss the IoV devices that we have tried to hack and the approaches we used. We will talk about the vulnerabilities of these devices from different aspects, such as the corresponding mobile apps, wireless communication protocols, firmware, hardware, and their connections to CAN bus. We will explain how to tamper mobile apps, exploit Bluetooth communication and over-the-air update mechanisms. We will also talk about how we dumped the firmware, bypassed the hardware firmware protection, discovered the development backdoor, and circumvented the checksum protection. Finally, we will talk about using CAN bus messages to achieve remote car controlling, such as unlocking doors, lowering windows, and folding rear view mirrors.
We will introduce the tools, such as logic analyzer, JLink, KDS and IDA Pro, used to analyse and discover these issues as well. Details of the CVE-2018-1170 will also be covered.
Spencer Hsieh is a security researcher at Trend Micro. He joined Trend Micro's Threat Solution Research team in 2009. His areas of expertise include cyber threat, IoT security, incident response, investigation of targeted attacks, malware analysis and exploitation techniques. His current research focuses on areas of emerging threats and IoT security. He has presented research at several security conferences, including VB.
Sayeed Abu-Nimeh (Seclytics)
Matthias Leisi (DNS Whitelist (DNSWL))
Axelle Apvrille (Fortinet)
Jérôme Segura (Malwarebytes)