KOFFEE - Kia OFFensivE Exploit | IIT - CNR - Istituto di Informatica e Telematica

KOFFEE - Kia OFFensivE Exploit

A recent study [6] claims that modern In-Vehicle Infotainment (IVI) systems run a Linux or Android operating system (OS). Even though Linux provides several advantages, Android OS is going to impose its supremacy in the automotive market as well [1]. This is mainly due to the advantages that this OS provides in terms of features in the connected-car scenario. Several OEMs already ship cars with IVI systems running Android OS, and others are going to do so soon, e.g., General Motors in 2021 [5]. In this context, years ago we started our security research activity on possible vulnerabilities that IVI systems running Android OS may expose. Our initial studies were on after-market IVIs based on Android OS, and we found important vulnerabilities [2], [3] in those devices that may allow, for instance, an attacker to gain remote root privileges on the IVI. As a next step, we moved our activity to a KIA C'eed car, which we bought in the summer of 2019, and we started reverse engineering from its head unit (HU), which is based on Android. Our KIA C'eed is not connected to the Internet by default and does not have a telematic unit. However, it can be connected to the Internet through a smartphone in hotspot mode, or through a 3G, 4G and 5G dongle that generates a Wi-Fi network to which the head unit connects. In this report, we describe our exploit, named KOFFEE, carried out against a KIA C'eed. This is part of our research activity on offensive cybersecurity in the automotive domain. Therefore, we decided not to detail all aspects of our work in this report, since a full disclosure would be considered irresponsible towards vehicle users. The full report will be released at a proper time in the year 2021 if things go as planned.

 


2020

IIT authors:

Type: Technical Report
Subject area: Information Technology and Communication Systems
IIT TR-20/2020

File: IIT-20-2020.pdf

Activity: Mobile device security