Smart car forensics and sensor warfare
Gabriel Cirlig & Stefan Tanase, Ixia
Given a relatively new car with an infotainment system completely decoupled from the car’s backbone (ignition, lights and such), we’re going to examine the data stored inside in hopes of finding relevant information about the user of the vehicle.
A proof-of-concept vehicle weaponization attack will be shown during this talk. By abusing various debug tools present on the car’s infotainment system, we demonstrate how a malicious attacker would be able to track the position of the car in real time, or even do wardriving and network exploitation from the on-board computer of the car.
We were able to extract call logs, text messages and phone contacts from all mobile devices connected to the car. More worryingly, the navigation system logs were left completely unobfuscated, allowing a potential attacker to track the driver’s habits very precisely. Another big concern is the relative ease with which we could weaponize the car and turn it into a passive wifi scanner for unprotected networks thanks to the plethora of onboard debugging tools present on the car’s infotainment system.
Software developer turned rogue, went from developing apps for small businesses to 2M+ DAU Facebook games while keeping an eye for everything shiny and new. For about three years Gabriel has been tinkering at Ixia’s threat intelligence system as his full time passion while playing around with whatever random hardware comes into his hands. With a background in electronics engineering and various programming languages, Gabriel likes to dismantle and hopefully put back whatever he gets his hands on.
Stefan is an experienced security researcher based in Bucharest, Romania. Having spent the last 10 years of his career combating the world’s most sophisticated cyber threats, Stefan joined Ixia in 2017 as a Principal Security Researcher. Through innovative research projects and effective public speaking engagements, he actively contributes to keeping internet users safe. While Stefan specializes in collecting threat intelligence and monitoring the cybercrime ecosystem, he has a real passion for digital rights and internet privacy.