1、#BHAS BlackHatEventsDriveThru Car HackingFast Food,Faster Data BreachSpeakers:Alina Tan,George ChenContributors:Chee Peng Tan,Ri-Sheng Tan,Penelope Chua,Benjamin Cao#BHAS BlackHatEventsAlina TanCar PersonGeorge ChenLego PersonSpeakers#BHAS BlackHatEventsChee Peng TanPenelope ChuaBenjamin CaoContribu
2、torsRi-Sheng Tan#BHAS BlackHatEventsTeaser#BHAS BlackHatEventsDashcams have become a necessary accessory for car ownership.Out of every 10 cars,at least 8 are installed with dashcams.In Singapore,IROAD dashcams emerge as the most popular,making up nearly half of the dashcams found in our research,wi
3、th 70mai coming in second,representing about one-tenth of the data.Many dashcams share similar hardware and even possibly software.Dongguan Electronics Developed Mobile applications for handling Wifi connections to dashcamsOEM Makers for several continental car brandsIROAD and GNET Similar Manufactu
4、rersThinkwareBlackvueBackground#BHAS BlackHatEventsTested over 2 dozen models across 15 brands Collecting 1k+Dashcam SSIDsDashcam Brand Distribution(*Based on Discoverable SSIDs)MarauderBrand“X”#BHAS BlackHatEventsModelsCount of ModelsBrand“X”We bought 20 dashcams as our initial training data set to
5、 build our tool,which we then use to test on 40 participants dashcams.#BHAS BlackHatEventsTechnique:DriveThru Hacking discoverconnectExtending wardriving to access dashcams and stream media files into an LLM pipeline for insights.bypassmuteauthdumpsabotageextractprocessinsights#BHAS BlackHatEventsDa
6、shcam Model*HighlightAttack StageJ1Discover dashcam SSIDsJ,K,E,F,H,P2Connect using default/fixed/common passwords(fallback traditional cracking of handshake captures)J,K,E,F,H,P,C3Bypass device registration or physical pairing C4Mute dashcam sounds during the attack(if applicable)all5Authenticate fi