Remote Exploitation of Nissan Leaf: Controlling Critical Body Elements from the Internet.pdf

ID: 981843, PDF, 118 pages, 6.04 MB

#BHAS BlackHatEvents

Remote Exploitation of Nissan Leaf: Controlling Critical Body Elements from the Internet
Mikhail Evdokimov, Radu Motspan

Agenda
1. Introduction
2. Testbench and anti-theft
3. Bluetooth RCE
4. Persistence and data exfiltration
5. CAN communication
6. Gateway filtering
7. Leaf-specific UDS commands
8. Vulnerability disclosure

Introduction

Who Are We?
Radu Motspan (_moradek_): Reverse-Engineering, Vulnerability Research, Exploit Development
Polina Smirnova (moe_hw): Reverse-Engineering, Vulnerability Research, Hardware Engineering
Mikhail Evdokimov (konatabrk): Reverse-Engineering, Vulnerability Research, Exploit Development
and our teammates

Target: Nissan Leaf ZE1
Nissan Leaf 2nd Gen produced in 2020
Gateway Unit: 284U15SN0A
    CAN messages filtering
Telematic Unit: 282755SN0E
    Cellular communication
Infotainment Unit: 259155SR0B
    WLAN client mode only
    Bluetooth (phonebook/calls)
    USB (updates/communication)
    Apple CarPlay/Android Auto
    Navigation (Maps and GPS)

Testbench
Bought several units from ebay
    Component mutual-authentication is enabled
Went to the closest auto junkyard in Budapest
    IVI, Gateway, BCM, IC, wiring harness
The result is a working testbench

Anti-Theft: General Information
Anti-Theft protection is used to prevent theft of the IVI, or unauthorized access to the vehicle's systems
Locking mechanisms
    Firmware authentication
    VIN encoding
Disable if mismatch is detected
    Functionality reduction
    Disturbance during usage

Anti-Theft: Nissan IVI Logic
When IVI is switched on, the anti-theft challenge must be solved
IVI communicates with the specific ECU over CAN bus
    Error GREEN: No response received
    Error RED: Incorrect response received
If successful, the anti-theft is passed

CAN-ID                        Message
0x71e: IVI ECU (seed)         14 03 f05bb5 17 ffff
0x72e: IVI ECU (solution)     14 c826e381
