1、#SECTORCA BlackHatEventsDriveThruDriveThru HackingHackingNow with DeliveryNow with DeliveryTeamTeamAlina TanGeorge ChenChee Peng TanBenjamin Caosecurity architectsecurity assurancesecurity analystBackgroundBackground Dashcams have become a necessity for vehicle ownershipOut of every 10 cars,at least
2、 8 are installed with dashcamsAssists with insurance claims,lower premiums Many popular brands in Asia,such as BlackVue,70mai,and Thinkware,have gained traction in North AmericaDashcam owners prioritize footage quality over securityMany of these dashcams share the same hardware and even firmwareA si
3、ngle exploit can affect multiple models from those brandsOEM Makers for several continental car brands70maiDDPAIViofoIROAD and GNETThinkwareBlackVueWe are here!where your dashcams are fromStudy over 1K Dashcams in SingaporeStudy over 1K Dashcams in SingaporeDashcam Brand Distribution(Based on Discov
4、erable SSIDs-Total dataset of over 1000)We bought 24 dashcams as our initial training data set and involved over 40 participants to build the tool and understand the inner workings of dashcams.AgendaAgendaRed ModuleBlue ModuleDashboardRecommendationsResponsible DisclosurehackhardenDriveThruDriveThru
5、 Hacking:Now with DeliveryHacking:Now with Deliverydiscoverconnectbypassauthdumpprocessinsightsonline servicecontrolled testinghardeningc2 servicedeliverypersistencepersistencepersistenceExtending wardriving to access dashcams and stream media files into an LLM pipeline for insights.infectionsabotag
6、ebeaconc2Attack FlowAttack FlowDashcam Model*HighlightAttack StageJ1Discover dashcam SSIDs using our serviceJ,K,E,F,H,P2Connect using default/fixed/common passwords(fallback traditional cracking of handshake captures)J,K,E,F,H,P,C3Bypass device registration or physical pairing and muting dashcam sou