电子木马：小米电动滑板车面临勒索软件、追踪、拒绝服务攻击和数据泄露的威胁.pdf

《电子木马：小米电动滑板车面临勒索软件、追踪、拒绝服务攻击和数据泄露的威胁.pdf》由会员分享，可在线阅读，更多相关《电子木马：小米电动滑板车面临勒索软件、追踪、拒绝服务攻击和数据泄露的威胁.pdf（38页珍藏版）》请在三个皮匠报告上搜索。

1、#BHUSA BlackHatEventsE-Trojans:Ransomware,Tracking,DoS,and Data Leaks on Battery-powered Embedded SystemsM.Casagrande(KTH),D.Antonioli(EURECOM).#BHUSA BlackHatEvents Postdoc at KTH(Sweden),Prof.PapadimitratosNetworked Systems Security(NSS)groupPhD at EURECOM(France),Dec 2024,Prof.Antonioli Research

2、in Security and Privacy:Proprietary protocols(fitness trackers,e-scooters,)Standard protocols(BLE,Wi-Fi,NFC,FIDO2,)Mobile(Android,)2Marco Casagrande#BHUSA BlackHatEvents Professor at EURECOM(France)Software and System Security(S3)group Research security and privacyBluetooth(BLUFFS,BLURtooth,BIAS,KNO

3、B,)E-Scooters(E-Spoofer,E-Trojans,)FIDO2(CTRAPS,)Web tracking(FP-tracer,)More at https:/francozappa.github.io3Daniele Antonioli#BHUSA BlackHatEvents Co-authors from University of Padova(UniPD)Riccardo CestaroProf.Eleonora Losiouk Prof.Mauro Conti4Acknowledgments#BHUSA BlackHatEvents Introduction Vul

4、nerabilities and Attacks Overvoltage Battery Destruction Undervoltage Battery Ransomware RE,Toolkit,and Evaluation Countermeasure and Disclosure5E-Trojans Talk Outline#BHUSA BlackHatEventsIntroduction#BHUSA BlackHatEventsE-Scooter Ecosystem E-ScooterE-Scooter mobile appE-ScooterbackendProp proto ove

5、r BLEStandard TLS7#BHUSA BlackHatEvents8Xiaomi E-Scooter EcosystemXiaomi is a e-scooter market leader(personal and rental)e-scooters,includingM365 and Mi 3.Mi Home mobile app to manage the e-scooter(password lock,firmware update,).E-scooter can be remotely attacked to compromise security,privacy,and

6、 safety.#BHUSA BlackHatEventsDont Give me a Brake,Zimperium 2019 ref9Attacker remotely locks a Xiaomi M365 e-scooter via a custom wireless message.#BHUSA BlackHatEventsOur Xiaomi E-Spoofer Attacks 2023 ref10#BHUSA BlackHatEventsOur Xiaomi E-Trojans Attacks 2023 ref11#BHUSA BlackHatEventsXiaomi E-Sco