2024-10-23 –, Europe - Main Room
This paper examines Intelligent Connected Vehicles (ICVs) by focusing on their architecture, capabilities, and security vulnerabilities.
To begin with, we analyze vehicle systems and assess hardware such as the T-Box and IVI for shell access. Furthermore, we detail methods for gaining elevated permissions within ICV systems, which include collecting network configurations and accessing critical components like the Driver Monitoring System (DMS) and Main Camera System (MCS). Our file analysis of nine ICV systems reveals significant information leaks, including certificates and private keys, while also identifying vulnerabilities in communication logic and memory management. Notably, key threats arise from remote operation risks via compromised T-Boxes and the potential exploitation of the Controller Area Network (CAN) interface, which could allow manipulation of vehicle control systems. Overall, this research underscores the urgent need for enhanced security measures in the design and implementation of ICVs.
SHIHAO XUE is Engineer of CATARC Automotive Data of China Co., Ltd.He mainly engages in research on communication protocols for automotive components, focusing on vehicle protocol technologies such as Ethernet and CAN networks.
In recent years, he has supported key industry enterprises in conducting research related to communication software testing.
YUQIAO NING is the Technical Director of CATARC Automotive Data of China Co., Ltd. He has extensive experience in computer systems and software security research. In his current role, he is primarily responsible for pioneering research in automotive penetration technology and the development of automated detection tools.His work focuses on analyzing security risks within automotive open-source software, with a particular emphasis on understanding the critical intersection of automotive security vulnerabilities and functional safety. He has played a pivotal role in organizing numerous automotive information security attack and defense challenges, contributing significantly to the advancement of safer and more secure automotive technologies.Furthermore, He has played an instrumental role in shaping national automotive information security standards, contributing to the drafting of several key national standards.