What happens if you assemble a CAN simulator from eBay parts and connect to a car via Bluetooth and DNS? Hackers from PCAutomotive showed: the 2020 Nissan LEAF can be hacked — the steering wheel turns while driving, the microphones are active, the speakers broadcast, and messages can be read.
At Black Hat Asia, they presented a 118-page report with a step-by-step attack: from building a stand to exploiting vulnerabilities — MiTM in app_redbend, buffer overflows, lack of digital signature, vulnerabilities in Wi-Fi and the i.MX 6 bootloader, as well as CAN filtering issues.
The car turned out to be not only a means of transportation, but also an object of wiretapping, surveillance, and remote control. Manufacturers have something to think about — while the steering wheel still turns at the will of the driver, and not a remote scenario.
At Black Hat Asia, they presented a 118-page report with a step-by-step attack: from building a stand to exploiting vulnerabilities — MiTM in app_redbend, buffer overflows, lack of digital signature, vulnerabilities in Wi-Fi and the i.MX 6 bootloader, as well as CAN filtering issues.
The car turned out to be not only a means of transportation, but also an object of wiretapping, surveillance, and remote control. Manufacturers have something to think about — while the steering wheel still turns at the will of the driver, and not a remote scenario.
