Car Hacking Village People Hack Infotainment, Control Cars by SMS & Exploit Vulnerabilities in QNX

It’s time for DefCon and the Car Hacking Village people will be hacking into automotive vulnerabilities in all kinds of new ways. This Friday and Saturday, hackers are explaining what is needed to hack a car at CarHacking Village in Las Vegas, Nevada. There will be a presentation on the current state on smart key hacking and its potential uses. Eric Evechick is showing the SocketCAN framework for interacting with CAN devices. There is a seminar on automotive bootloaders and how poor security design or implementation choices can be used by attackers to. The open security features of key fobs will be explored. There will be an seminar on how a user can remotely exploit, escalate privilege, exfiltrate data, and modify memory using synthetic vulnerabilities. There’s a quick start guide for car hacking.

Red Balloon Security is showing the Automotive Exploitation Sandbox, an online hands on platform for exercising synthetic vulnerabilities on a QNX system. Complementary access is available for automotive system engineers and security analysts.

Researchers at security provider, Zingbox found a way to hack into a car and control it with text messages. Salinas is the first ever SMS-commanded Car Infotainment RAT.

Zingbox researcher Regalado, co-author of Gray Hat Hacking, and independent researchers Gerardo Iglesias and Ken Hsu broke into a car’s infotainment system and reverse-engineered its main components with one goal in mind: to determine if a car’s operating system could be infected with malware and prove that this Trojan could be controlled remotely through SMS messages. In this way, a driver’s personal data and safety could be compromised using the driver’s own cell phone.

Daniel Regalado, Zingbox principal security researcher, will describe how he and his colleagues infected a car’s infotainment system with malware, making it possible to exfiltrate the driver’s personal information via SMS messages, at the DefCon 26 Car Hacking Village in Las Vegas on August 10, 2018. These research findings could have important implications for rental car drivers and the $28B U.S. rental car market, according to Regalado.

“The fact that we can infect a car’s infotainment system and expose private data sheds light on an important vulnerability for manufacturers going forward,” said Regalado. He has also recently hacked a Telepresence Robot, an IV pump and other medical devices.

A car’s infotainment system powers GPS navigation and music selection, makes and receives phone calls, reads SMS messages, and can manage firmware updates. A maliciously crafted USB device plugged into a vehicle can infect the infotainment system, something that could be done by a driver via social engineering tricks, such as a USB loaded with free music that entices a driver to plug in the infected USB drive. Once paired with the driver’s phone, malware in the infotainment system leverages the phone’s SMS message service to access personal information such as contact lists. It can also intercept banking authentication pins, or even block incoming or outgoing calls. The same SMS service could then be used to take control of the infotainment system remotely and create distractions for the driver or put the system into an unusable state that requires repair from the manufacturer.

“In order to provide real-time security to all IoT devices, Daniel Regalado and others on Zingbox’s research team continuously push the boundaries of IoT vulnerability research,” said Xu Zou, Zingbox CEO and co-founder. “We’re glad to share our latest findings with the broader security community and raise the awareness of the impact of IoT device vulnerabilities.”

An auto infotainment system depends on the Internet of Things (IoT) to operate. The fact that an infotainment system can be infected is important learning for the industry, suggesting the need for stepped-up IoT cybersecurity solutions similar to what is already available for IoT devices in healthcare, financial services and manufacturing. This would protect drivers, especially the millions of car renters around the world.

More DefCon News:

These was other exciting news from DefCon–Elon Musk made an appearance and then Tweeted that he would like to release Tesla safety software to other automakers. The badge this year was spectacular and many cybersecurity companies gave insights into car hacking.


You are welcome to subscribe to receive email notification of publication of Connected Car News Cybersecurity, you can also get weekly news summaries or daily emails.