Researchers recently showed how a drone can launch an attack via Wi-Fi to take full control of a Tesla’s infotainment by exploiting flaws in a 3rd party component. (These vulnerabilities have since been patched.)
<p style=\"font-weight: 400;\">Automotive manufacturers must design resilient and safety-critical systems with an attacker’s perspective in mind. Wi-Fi systems have been shown to be the weak spot when attacking infotainment and console systems, as seen in a <a href=\"https://keenlab.tencent.com/en/2020/01/02/exploiting-wifi-stack-on-tesla-model-s/\" data-saferedirecturl=\"https://www.google.com/url?q=https://keenlab.tencent.com/en/2020/01/02/exploiting-wifi-stack-on-tesla-model-s/&source=gmail&ust=1620215295845000&usg=AFQjCNEikX4ltfEDAkyOari0MITfmDmUqA\">different vulnerability found</a> last year in a 3<sup>rd</sup> party WiFi component used by Tesla. These systems are usually provided by 3<sup>rd</sup> party vendors (whether commercial or open-source), and contain a lot of complex network processing code, which is more prone to vulnerabilities. As such, they are an inherent and ongoing risk for users of modern infotainments, as they need to either provide a WiFi hotspot or connect to a mobile phone.</p> <p style=\"font-weight: 400;\"> </p> <p style=\"font-weight: 400;\">Unfortunately, manufacturers have a hard time detecting these vulnerabilities. This newest example is an unknown, zero-day vulnerability (as opposed to a known one) in 3<sup>rd</sup> party software they use. Attackers commonly look for vulnerabilities in 3<sup>rd</sup> party software such as OSS components and then exploit them to control the device that uses them, in this case, the Tesla infotainment.</p> <p style=\"font-weight: 400;\"> </p> <p style=\"font-weight: 400;\">Manufacturers need to invest in the early detection of vulnerabilities, particularly given the large number of 3<sup>rd</sup> party components used in the modern car. The most efficient, scalable way to do this is to employ automated security tools to scan 3<sup>rd</sup> party software components in their source or binary form for unknown, zero-day vulnerabilities (not CVEs). Bug-bounty programs, using manual research methods, can also help identify specific issues.</p> <p style=\"font-weight: 400;\"> </p> <p style=\"font-weight: 400;\">Unless car manufacturers start tackling this vulnerability problem head-on, we believe there will be significant repercussions for automotive security and safety, especially in autonomous vehicles. This particular vulnerability is a rather ordinary buffer-overflow vulnerability that could have been detected by existing automated code analysis tools. It is this kind of low-hanging fruit that should be dealt with to raise the bar for attackers.</p>
<p style=\"font-weight: 400;\">Automotive manufacturers must design resilient and safety-critical systems with an attacker’s perspective in mind. Wi-Fi systems have been shown to be the weak spot when attacking infotainment and console systems, as seen in a <a href=\"https://keenlab.tencent.com/en/2020/01/02/exploiting-wifi-stack-on-tesla-model-s/\" data-saferedirecturl=\"https://www.google.com/url?q=https://keenlab.tencent.com/en/2020/01/02/exploiting-wifi-stack-on-tesla-model-s/&source=gmail&ust=1620215295845000&usg=AFQjCNEikX4ltfEDAkyOari0MITfmDmUqA\">different vulnerability found</a> last year in a 3<sup>rd</sup> party WiFi component used by Tesla. These systems are usually provided by 3<sup>rd</sup> party vendors (whether commercial or open-source), and contain a lot of complex network processing code, which is more prone to vulnerabilities. As such, they are an inherent and ongoing risk for users of modern infotainments, as they need to either provide a WiFi hotspot or connect to a mobile phone.</p> <p style=\"font-weight: 400;\"> </p> <p style=\"font-weight: 400;\">Unfortunately, manufacturers have a hard time detecting these vulnerabilities. This newest example is an unknown, zero-day vulnerability (as opposed to a known one) in 3<sup>rd</sup> party software they use. Attackers commonly look for vulnerabilities in 3<sup>rd</sup> party software such as OSS components and then exploit them to control the device that uses them, in this case, the Tesla infotainment.</p> <p style=\"font-weight: 400;\"> </p> <p style=\"font-weight: 400;\">Manufacturers need to invest in the early detection of vulnerabilities, particularly given the large number of 3<sup>rd</sup> party components used in the modern car. The most efficient, scalable way to do this is to employ automated security tools to scan 3<sup>rd</sup> party software components in their source or binary form for unknown, zero-day vulnerabilities (not CVEs). Bug-bounty programs, using manual research methods, can also help identify specific issues.</p> <p style=\"font-weight: 400;\"> </p> <p style=\"font-weight: 400;\">Unless car manufacturers start tackling this vulnerability problem head-on, we believe there will be significant repercussions for automotive security and safety, especially in autonomous vehicles. This particular vulnerability is a rather ordinary buffer-overflow vulnerability that could have been detected by existing automated code analysis tools. It is this kind of low-hanging fruit that should be dealt with to raise the bar for attackers.</p>