
DriveThru Hacking: Now with Delivery.pdf

Uploaded by: 竿*** ID: 982154 2025-11-29 45 pages 7.50 MB

#SECTORCA BlackHatEvents

DriveThru Hacking: Now with Delivery

Team
Alina Tan, George Chen, Chee Peng Tan, Benjamin Cao
Roles listed: security architect, security assurance, security analyst

Background
Dashcams have become a necessity for vehicle ownership
Out of every 10 cars, at least 8 are installed with dashcams
Assists with insurance claims, lower premiums
Many popular brands in Asia, such as BlackVue, 70mai, and Thinkware, have gained traction in North America
Dashcam owners prioritize footage quality over security
Many of these dashcams share the same hardware and even firmware
A single exploit can affect multiple models from those brands
OEM Makers for several continental car brands
70mai, DDPAI, Viofo, IROAD and GNET, Thinkware, BlackVue
We are here! / where your dashcams are from

Study over 1K Dashcams in Singapore
Dashcam Brand Distribution (Based on Discoverable SSIDs - Total dataset of over 1000)
We bought 24 dashcams as our initial training data set and involved over 40 participants to build the tool and understand the inner workings of dashcams.

Agenda
Red Module, Blue Module, Dashboard, Recommendations, Responsible Disclosure
hack / harden

DriveThru Hacking: Now with Delivery
[Diagram labels: discover, connect, bypass auth, dump, process, insights, online service, controlled testing, hardening, c2 service, delivery, persistence, persistence, persistence, infection, sabotage, beacon, c2]
Extending wardriving to access dashcams and stream media files into an LLM pipeline for insights.

Attack Flow
Dashcam Model* / Highlight / Attack Stage
J 1 Discover dashcam SSIDs using our service J,K,E,F,H,P 2 Connect using default/fixed/common passwords (fallback traditional cracking of handshake captures) J,K,E,F,H,P,C 3 Bypass device registration or physical pairing and muting dashcam sou

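According to the report, its main content is summarized as follows:

- **Dashcam adoption and security problems**: Dashcam adoption is high in Asia, but many dashcams have security vulnerabilities such as default passwords and unencrypted file transfer.
- **Research method**: The research team bought 24 dashcams as samples and analyzed the SSID distribution of more than 1,000 dashcams.
- **Attack flow**: An attacker can proceed through steps including SSID discovery, connection, authentication bypass, data leakage, device sabotage, C2 infection, persistence, and using an LLM to process video and audio data.
- **Attack results**: In testing with 40 participants, 11 dashcams were successfully attacked, and 70% of the successful attacks were based on bypassing device registration/pairing.
- **Manufacturer response**: Some manufacturers have accepted the vulnerability reports and taken action, but some brands have still not acted.
- **Recommendations**: Manufacturers should adopt secure-by-design principles, and users should change default passwords and use strong passwords.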