当前位置:首页 > 报告详情

黑匣子双击:利用中间人攻击远程入侵汽车两次.pdf

上传人: 竿*** 编号:981805 2025-11-29 52页 8.59MB

1、#BHAS BlackHatEventsDouble Tap at the BlackboxHacking a Car Remotely Twice with MiTMYingjie Cao360 Vulnerability Research InstituteXinfeng ChenSIG Void Technology#BHAS BlackHatEvents#Yingjie Cao(YinJai_c)-Security researcher 360 Vulnerability Research Institute-Specialized in connected vehicle secur

2、ity-A full-chain exploiter of Blackberry QNX system,the most popular automotive OS-His work has been accepted by both industry and academia,including IEEE S&P and Blackhat Asia#Xinfeng Chen-Security researcher SIG Void Technology-Specialized in mobile security-Skilled at customizing AOSP to bypass a

3、pplication protections#BHAS BlackHatEventsThe Prologue01PART#BHAS BlackHatEventsThree years agoAutomotive Standard ConferenceTianfu Cup Chinese Pwn2Own2021,Autumn,Chengdu#BHAS BlackHatEvents15 days before Tianfu Cup 2021 registration-We were told there is an automotive track-We need to pick a top 10

4、 brand in China-Finally,we chose a brand with over 90,000 units sold in 2021-15 days left,with zero knowledge to the target-NO hardware,NO car-We need to find extremely easy approaches to pwn it#BHAS BlackHatEvents02PARTThe Car Hacking Landscape#BHAS BlackHatEventsChallenges of Hacking a CarSynaktiv

5、 triple-pwned Tesla Pwn2OwnTill today,few researchers can follow their work due to the extremely high technical bar.#BHAS BlackHatEventsSaving researchers walletPros:-Much affordable than purchasing a car-You can disassemble the chips,dumping firmwareCons-It still costs$100-$2000 to buy an IVI-No gu

6、arantee to boot up it-The sources of component vary,development version,factory version,disassembled version.Guangzhou,ChinaThe biggest second-hand car components market in China,maybe globally largest.You can find almost every category of car parts hereProsCons#BHAS BlackHatEvents-Much affordable t

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
根据报告的内容,全文主要内容概括如下: - 研究人员Yingjie Cao和Xinfeng Chen展示了如何通过中间人攻击(MiTM)远程控制一辆汽车。 - 他们利用了MiTM技术,通过劫持更新流量,将APK更改为远程shell应用,最终获取了低权限shell访问。 - 利用CVE-2015-1805漏洞,他们实现了远程执行链,但未能获得root权限。 - 研究发现,许多移动应用使用HTTPS通信,但存在证书验证和WebViewClient等安全问题,使得MiTM攻击成为可能。 - 研究人员呼吁社区贡献更多关于MiTM漏洞的信息,并开源了相关工具以供安全社区使用。
远程入侵揭秘" 实战解析" 汽车安全漏洞大揭秘"
客服
商务合作
小程序
服务号
折叠