
DriveThru Car Hacking: Fast Food, Faster Data Breach.pdf

Uploader: 竿*** ID: 981803 2025-11-29 43 pages 6.86MB

#BHAS BlackHatEvents

DriveThru Car Hacking
Fast Food, Faster Data Breach

Speakers: Alina Tan, George Chen
Contributors: Chee Peng Tan, Ri-Sheng Tan, Penelope Chua, Benjamin Cao

Speakers
Alina Tan, Car Person
George Chen, Lego Person

Contributors
Chee Peng Tan, Penelope Chua, Benjamin Cao, Ri-Sheng Tan

Teaser

Dashcams have become a necessary accessory for car ownership. Out of every 10 cars, at least 8 are installed with dashcams. In Singapore, IROAD dashcams emerge as the most popular, making up nearly half of the dashcams found in our research, with 70mai coming in second, representing about one-tenth of the data.

Many dashcams share similar hardware and even possibly software.
Dongguan Electronics Developed Mobile applications for handling Wifi connections to dashcams OEM Makers for several continental car brands IROAD and GNET Similar Manufacturers Thinkware Blackvue

Background

Tested over 2 dozen models across 15 brands Collecting 1k+ Dashcam SSIDs

[Figure: Dashcam Brand Distribution (*Based on Discoverable SSIDs); labels: Marauder, Brand “X”]

[Figure: Brand “X”; axes: Models, Count of Models]

We bought 20 dashcams as our initial training data set to build our tool, which we then use to test on 40 participants' dashcams.

Technique: DriveThru Hacking
Extending wardriving to access dashcams and stream media files into an LLM pipeline for insights.
discover, connect, bypass, mute, auth, dump, sabotage, extract, process, insights

Dashcam Model* Highlight Attack Stage J 1 Discover dashcam SSIDs J,K,E,F,H,P 2 Connect using default/fixed/common passwords (fallback traditional cracking of handshake captures) J,K,E,F,H,P,C 3 Bypass device registration or physical pairing C 4 Mute dashcam sounds during the attack (if applicable) all 5 Authenticate fi

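According to the report "DriveThru Car Hacking", the main content of the full text is summarized as follows:
1. **Dashcam prevalence and security issues**: In Singapore, dashcams are widely used, but they have security vulnerabilities such as default passwords and device pairing problems.
2. **Attack flow**: An attacker can discover dashcam SSIDs, connect using default passwords, bypass device pairing, and even control the device remotely.
3. **Attack results**: Of 40 dashcams, 11 were successfully attacked, mainly because of device configuration and model similarity.
4. **Vulnerability summary**: About 48.6% of dashcams have a device registration/pairing bypass vulnerability, and 6.7% have a file exposure vulnerability.
5. **Manufacturer response**: Some manufacturers have taken measures to fix the vulnerabilities, but there is still room for improvement.
6. **Recommendations**: Strengthen security protocols, firmware updates, privacy protection, attack surface reduction, and so on.
7. **Future work**: Analyze attack vectors, develop mitigation strategies, and work with manufacturers, regulators and the security community.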