UnAuthorized Access Turn On

Radio Frequency Unauthorized Access To Turn On Vehicle

Overview of the Vulnerability

The Radio Frequency Hub (RFH) is a receiver hub which communicates with other electronic devices and control units through either the Controller Area Network (CAN) bus or a separate serial bus. The RFH allows communications for vehicle accessories such as remote ignition systems, keyless entry, remote immobilization systems, and anti-theft systems, amongst other operations.

Misconfigurations in the RFH can lead to security weaknesses across any of these systems. An attacker can control the power state of a device via radio frequency. They could exploit this by performing a Denial of Service (DoS) attack, preventing the owner of the vehicle from turning their vehicle on or off, as well as allowing for remote control of the vehicle during use.

Business Impact

This RFH misconfiguration can result in reputational damage and indirect financial loss for the business through the impact to customers’ trust in the security and safety of the automotive vehicle.

Steps to Reproduce

  1. Setup {{hardware}} and {{software}} to interact with the RF layer of {{target}}

  2. Turn on {{target}} using {{hardware}} and/or {{software}}

Proof of Concept (PoC)

The image(s) below demonstrates the RFH misconfiguration:

{{screenshot}}

Guidance

Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. Your submission must include evidence of the vulnerability and not be theoretical in nature. For a RF Hub misconfiguration vulnerabilities, please include detailed instructions that can be followed to easily demonstrate and reproduce the issue.

Attempt to completely stop the vehicle from functioning through the CAN system. If this is possible, provide a full Proof of Concept (PoC) here.

Recommendation(s)

There is no single technique to remediate automotive security misconfigurations. However, implementing the right combination of defensive measures can prevent and limit the impact. Some best practices include the following:

  • Develop and enforce secure configuration guidelines for the automotive system, incorporating guidelines for software, firmware, and network settings.

  • Ensure that the vehicle's firmware is regularly updated with security patches and fixes to address known vulnerabilities and misconfigurations.

  • Conduct regular security audits and assessments of the vehicle's configurations to identify and remediate any misconfigurations. Follow industry best practices and benchmarks for these.

PreviousRoll JamNextRSU

Last updated