Code Execution CAN Bus Pivot
Infotainment Code Execution CAN Bus Pivot
Overview of the Vulnerability
The In-Vehicle Infotainment (IVI) system is a central unit in a vehicle's dashboard that centralizes information and entertainment systems and their controls. Misconfigurations in the IVI system can lead to security weaknesses. By taking advantage of an IVI misconfiguration, an attacker can pivot into the CAN bus and execute code, causing the system to not behave as intended.
Business Impact
This IVI system misconfiguration can result in reputational damage and indirect financial loss for the business through the impact on customers’ trust in the security and safety of the vehicle.
Steps to Reproduce
The IVI system {{application}} uses this feature to {{action}}, exploited by {{action}}
Pivot into the CAN bus using this vulnerability by {{action}}
Inject the following CAN bus payload by using {{hardware}} and/or {{application}}:
{{payload}}
Observe that {{action}} occurs as a result
Proof of Concept (PoC)
The image(s) below demonstrate the process by which an attacker identifies where the IVI system communication occurs. They also show how an attacker connects to the CAN bus and is able to inject the payload(s):
{{screenshot}}
Guidance
Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. Your submission must include evidence of the vulnerability and not be theoretical in nature. For an infotainment vulnerability, please include detailed instructions that can be followed to easily demonstrate and reproduce the issue. If data was found using Open Source Intelligence (OSINT), please provide steps to where and how it was found.
Attempt to completely stop the vehicle from functioning if the infotainment system controls a mechanical aspect of the vehicle. If this is possible, provide a full Proof of Concept (PoC) here.
Recommendation(s)
There is no single technique to remediate automotive security misconfigurations. However, implementing the right combination of defensive measures can prevent and limit the impact. Some best practices include the following:
Develop and enforce secure configuration guidelines for the automotive system, incorporating guidelines for software, firmware, and network settings.
Ensure that the vehicle's firmware is regularly updated with security patches and fixes to address known vulnerabilities and misconfigurations.
Conduct regular security audits and assessments of the vehicle's configurations to identify and remediate any misconfigurations. Follow industry best practices and benchmarks for these.