Obtaining the hardware, extracting firmware, and then reverse engineering to uncover vulnerabilities in automotive systems is a common practice within the vehicle security community. However, access to vehicle components can often be limited—especially for newer models—making it challenging for researchers who do not own the vehicle. Dissecting a car can also be risky and expensive for many security researchers. In this session, we explore an affordable and practical research approach to compromise the security of cars. We utilize blackbox testing to assess the security of one of the most famous car manufacturers in China, which recorded 140,000 annual sales in 2023. We kept tracking its security changes for the last three years, witnessing their development in security along with the regulations that came into force (e.g., R155, ISO 21434). As a result of our research, we identified two significant Man-in-the-Middle vulnerabilities that can serve as entry points for exploitation. Both vulnerabilities enable remote vehicle control, with one allowing full control over the entertainment system. Although the powerful mitigations, and security mechanisms are applied one by one to the vehicles, manufacturers should reflect on their effectiveness in investment of security systems. By: Yingjie Cao | Security Researcher, 360 Vulnerabiity Research Institute Xinfeng Chen | Security Researcher, SigVoid Full Abstract and Presentation Materials: https://ift.tt/XbU4txY
source https://www.youtube.com/watch?v=KLvWZJumBVQ
-
Germany recalled its ambassador to Russia for a week of consultations in Berlin following an alleged hacker attack on Chancellor Olaf Scho...
-
Android’s May 2024 security update patches 38 vulnerabilities, including a critical bug in the System component. The post Android Update ...
No comments:
Post a Comment