Scribd Logo
Upload

Welcome to Scribd!

  • 116 views

    Hacking A Connected Car Via APIs

    Uploaded by

    gglas
    A connected car has an internet connection that allows the car to share data with devices inside and outside the car. The document discusses hacking a connected car via its APIs. It describes the components of a telematics control unit (TCU) that controls communication and connectivity in a vehicle. The speaker tested APIs of the Honda Connect app on a Honda City and found vulnerabilities. Through static analysis, traffic analysis, and exploitation with tools like Frida and Burp Suite, they were able to bypass root detection and extract sensitive data like the MPIN. The vulnerabilities were disclosed to AutoISAC and Honda India.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    Hacking A Connected Car Via APIs

    Uploaded by

    gglas
    116 views27 pages
    A connected car has an internet connection that allows the car to share data with devices inside and outside the car. The document discusses hacking a connected car via its APIs. It describes the components of a telematics control unit (TCU) that controls communication and connectivity in a vehicle. The speaker tested APIs of the Honda Connect app on a Honda City and found vulnerabilities. Through static analysis, traffic analysis, and exploitation with tools like Frida and Burp Suite, they were able to bypass root detection and extract sensitive data like the MPIN. The vulnerabilities were disclosed to AutoISAC and Honda India.

    Original Title

    Hacking-a-Connected-Car-via-APIs

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    A connected car has an internet connection that allows the car to share data with devices inside and outside the car. The document discusses hacking a connected car via its APIs. It describes the components of a telematics control unit (TCU) that controls communication and connectivity in a vehicle. The speaker tested APIs of the Honda Connect app on a Honda City and found vulnerabilities. Through static analysis, traffic analysis, and exploitation with tools like Frida and Burp Suite, they were able to bypass root detection and extract sensitive data like the MPIN. The vulnerabilities were disclosed to AutoISAC and Honda India.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    116 views27 pages

    Hacking A Connected Car Via APIs

    Uploaded by

    gglas
    A connected car has an internet connection that allows the car to share data with devices inside and outside the car. The document discusses hacking a connected car via its APIs. It describes the components of a telematics control unit (TCU) that controls communication and connectivity in a vehicle. The speaker tested APIs of the Honda Connect app on a Honda City and found vulnerabilities. Through static analysis, traffic analysis, and exploitation with tools like Frida and Burp Suite, they were able to bypass root detection and extract sensitive data like the MPIN. The vulnerabilities were disclosed to AutoISAC and Honda India.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    of 27

    Hacking a Connected Car

    via APIs
    Mohammed Shine
    whoami
    AppSec Engineer/Bugbounty Hunter

    Chapter Lead - ASRG-Kerala

    Volunteer at Defcon Trivandrum

    Automotive Photographer - @mohammed_shine


    Mobile Apps in IOT device Integration
    - Home Automation
    - Retail Experience
    - IOT wearables
    - Automotive Industry
    Advantages of using mobile apps in cars?
    - Use it instead of key fobs
    - RSA
    - Easy to use
    - Track your car
    What is a connected car?
    A connected car is one that has its own connection to the internet, usually via a
    wireless local area network (WLAN) that allows the car to share internet access
    and data with other devices inside and outside the car.
    TCU
    Telematics control unit (TCU) is the embedded onboard system that controls wireless tracking, diagnostics
    and communication to and from the vehicle.

    It has the following components:

    - A satellite navigation system / GNSS unit


    - A microcontroller
    - A mobile networking unit
    - An external unit for cellular communication (GSM, GPRS, Wi-Fi, WiMax, LTE or 5G) which provides
    the tracked values to a centralized geographical information system (GIS) database server
    - A unit that processes electrical signals
    - A storage unit
    - Battery module
    Vehicle used for testing
    - Honda City 5th Generation
    Attack Surface

    GPS
    Software
    update

    OBD2
    Story
    What is a Telematics Gateway Unit?
    Telematics Gateway Unit – A Telematics Gateway Unit has a high-performing
    Application Processor Hardware Platform at its core. It offers various advantages
    when compared to a TCU. This includes higher data throughput and capacity to
    store offline data for a longer time.
    Google Ads
    Honda Connect
    Features of Honda Connect
    - Tire Deflation Alert - Find My Car - Live Car Location
    - Roadside Assistance - Remote Operations - Stolen Vehicle Tracking
    - Service Scheduler - Car Dashboard - Geo-Fence Alert
    - Payment Gateway - Share Car Location - Contextual Speeding
    - Trip Diary
    - Tow Away Alert Alert
    - Auto Crash Notification
    - Unauthorized Access
    Alert
    Interesting Features of Honda Connect
    - AC On/Off
    - Door Lock/Unlock
    - Boot Open
    - Car Finder
    Static Analysis
    Security Controls
    - Root Detection
    - SSL Pinning
    Tools of the trade
    - Genymotion
    - Frida
    - BurpSuite/Httptoolkit
    Getting started
    Bypassing the Root Detection
    Traffic Analysis
    MPIN
    Exploitation
    Disclosure
    AutoISAC

    Honda India
    Thank you
    Twitter : @mohammedshine8

    You might also like