Minrui Yan

Attack surface of a connected vehicle


More and more connected cars are on the road today. They bring convenience and new services to users, but the hidden security risks behind them also increase. After carrying out penetration tests on many connected cars, we summarized a remote-control methodology for connected vehicles that achieves contactless control of a car, including locating it, opening and closing the doors, and starting and stopping the engine. After further study, we could control cars of the same series that have the relevant vulnerabilities.
Such threats do serious harm to automobile manufacturers and car owners. At present, we have found that this kind of attack method affects more than 80% of connected cars. The vulnerabilities are due to improper hardware design, code that is not rigorous, unreasonable system security configuration, network isolation that is not strict, and identity authentication that can be evaded. In the talk we will discuss this methodology with a large number of cases, cover some attack methods and their influence, and put forward corresponding security recommendations to ensure the information security of future cars.


Minrui Yan is a senior security researcher on the SkyGo Team at 360 Technology, focused on automotive cybersecurity. He is interested in penetration testing, hardware security and development. He is the author of the book Intelligent hardware security and of a security evaluation tool called CAN-Pick. He has presented research at various conferences such as PacSec, POC, Codeblue, CanSecWest, SyScan360, BlackHat Arsenal and Ruxcon.