{"id":10593,"date":"2022-07-07T09:28:00","date_gmt":"2022-07-07T09:28:00","guid":{"rendered":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/?post_type=session&#038;p=10593"},"modified":"2024-09-03T02:19:48","modified_gmt":"2024-09-03T02:19:48","slug":"exploiting-the-in-vehicle-browser-a-novel-attack-vector-in-autonomous-vehicles","status":"publish","type":"session","link":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/exploiting-the-in-vehicle-browser-a-novel-attack-vector-in-autonomous-vehicles\/","title":{"rendered":"Exploiting the In-Vehicle Browser: A Novel Attack Vector in Autonomous Vehicles"},"content":{"rendered":"<p><strong><a href=\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/materials\/D2T1%20-%20Exploiting%20the%20In-Vehicle%20Browser%20-%20A%20Novel%20Attack%20Vector%20in%20Autonomous%20Vehicles%20-%20Ravi%20Rajput.pdf\">PRESENTATION SLIDES<\/a><\/strong><\/p>\n<p style=\"text-align: justify;\">As the automobile industry accelerates towards the era of fully autonomous vehicles, the sophistication of in-vehicle entertainment systems, especially those integrating web browsers within the head unit, has dramatically increased. This integration not only enhances the user experience but also introduces significant security risks, potentially compromising driver privacy and vehicle safety. Despite the critical importance of these systems, there is a severe lack of resources dedicated to vulnerability research, browser fuzzing, and exploit creation targeting automobile browsers.<\/p>\n<p>Addressing this critical gap, our research delves into the unexplored domain of automobile browser security, showcasing the successful identification, submission, and mitigation of a browser vulnerability within an electric vehicle (EV) head unit. Focused on a customized Chromium browser embedded in one of the vehicle vendors that I had worked for in my past employment (real car), we present a detailed case study of creating a heap overflow exploit. This demonstration revealed the vulnerability of such systems to sophisticated cyber-attacks, emphasizing the necessity for responsible disclosure and collaboration with manufacturers to enhance vehicle security.<\/p>\n<p>Attendees will be given a comprehensive walkthrough of the exploit development process, starting from initial vulnerability research to the final creation of a heap overflow exploit. We will detail the tools and techniques employed, offering insights into the methodology used to uncover vulnerabilities in the Android Auto browser. Furthermore, the presentation will provide a roadmap for security researchers on how to set up a virtual environment for safe and effective exploit creation and testing, highlighting the practical aspects of cybersecurity research in the automotive context.<\/p>\n<p>This session stands out as a fundamental investigation of a novel attack vector in the automotive area, underscoring the urgent need for the industry to shift towards more robust cybersecurity measures. Through this discussion, we aim to catalyze the development of innovative security protocols and foster collaborative efforts among manufacturers, researchers, and cybersecurity professionals. Our goal is to navigate these emerging threats together, securing the future of transportation in the digital age and ensuring the safety and privacy of users in the era of autonomous vehicles.<\/p>\n","protected":false},"template":"","class_list":["post-10593","session","type-session","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Exploiting the In-Vehicle Browser: A Novel Attack Vector in Autonomous Vehicles - HITBSecConf2024 - Bangkok<\/title>\n<meta name=\"description\" content=\"This demonstration revealed the vulnerability of such systems to sophisticated cyber-attacks, emphasizing the necessity for responsible disclosure and collaboration with manufacturers to enhance vehicle security.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/exploiting-the-in-vehicle-browser-a-novel-attack-vector-in-autonomous-vehicles\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Exploiting the In-Vehicle Browser: A Novel Attack Vector in Autonomous Vehicles\" \/>\n<meta property=\"og:description\" content=\"his demonstration revealed the vulnerability of such systems to sophisticated cyber-attacks, emphasizing the necessity for responsible disclosure and collaboration with manufacturers to enhance vehicle security.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/exploiting-the-in-vehicle-browser-a-novel-attack-vector-in-autonomous-vehicles\/\" \/>\n<meta property=\"og:site_name\" content=\"HITBSecConf2024 - Bangkok\" \/>\n<meta property=\"article:modified_time\" content=\"2024-09-03T02:19:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-content\/uploads\/sites\/22\/2024\/06\/ravi-rajput.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"300\" \/>\n\t<meta property=\"og:image:height\" content=\"300\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/exploiting-the-in-vehicle-browser-a-novel-attack-vector-in-autonomous-vehicles\/\",\"url\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/exploiting-the-in-vehicle-browser-a-novel-attack-vector-in-autonomous-vehicles\/\",\"name\":\"Exploiting the In-Vehicle Browser: A Novel Attack Vector in Autonomous Vehicles - HITBSecConf2024 - Bangkok\",\"isPartOf\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/#website\"},\"datePublished\":\"2022-07-07T09:28:00+00:00\",\"dateModified\":\"2024-09-03T02:19:48+00:00\",\"description\":\"This demonstration revealed the vulnerability of such systems to sophisticated cyber-attacks, emphasizing the necessity for responsible disclosure and collaboration with manufacturers to enhance vehicle security.\",\"breadcrumb\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/exploiting-the-in-vehicle-browser-a-novel-attack-vector-in-autonomous-vehicles\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/exploiting-the-in-vehicle-browser-a-novel-attack-vector-in-autonomous-vehicles\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/exploiting-the-in-vehicle-browser-a-novel-attack-vector-in-autonomous-vehicles\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Session\",\"item\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Exploiting the In-Vehicle Browser: A Novel Attack Vector in Autonomous Vehicles\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/#website\",\"url\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/\",\"name\":\"HITBSecConf2024 - Bangkok\",\"description\":\"August 26 - 30 @ InterContinental\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Exploiting the In-Vehicle Browser: A Novel Attack Vector in Autonomous Vehicles - HITBSecConf2024 - Bangkok","description":"This demonstration revealed the vulnerability of such systems to sophisticated cyber-attacks, emphasizing the necessity for responsible disclosure and collaboration with manufacturers to enhance vehicle security.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/exploiting-the-in-vehicle-browser-a-novel-attack-vector-in-autonomous-vehicles\/","og_locale":"en_US","og_type":"article","og_title":"Exploiting the In-Vehicle Browser: A Novel Attack Vector in Autonomous Vehicles","og_description":"his demonstration revealed the vulnerability of such systems to sophisticated cyber-attacks, emphasizing the necessity for responsible disclosure and collaboration with manufacturers to enhance vehicle security.","og_url":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/exploiting-the-in-vehicle-browser-a-novel-attack-vector-in-autonomous-vehicles\/","og_site_name":"HITBSecConf2024 - Bangkok","article_modified_time":"2024-09-03T02:19:48+00:00","og_image":[{"width":300,"height":300,"url":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-content\/uploads\/sites\/22\/2024\/06\/ravi-rajput.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/exploiting-the-in-vehicle-browser-a-novel-attack-vector-in-autonomous-vehicles\/","url":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/exploiting-the-in-vehicle-browser-a-novel-attack-vector-in-autonomous-vehicles\/","name":"Exploiting the In-Vehicle Browser: A Novel Attack Vector in Autonomous Vehicles - HITBSecConf2024 - Bangkok","isPartOf":{"@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/#website"},"datePublished":"2022-07-07T09:28:00+00:00","dateModified":"2024-09-03T02:19:48+00:00","description":"This demonstration revealed the vulnerability of such systems to sophisticated cyber-attacks, emphasizing the necessity for responsible disclosure and collaboration with manufacturers to enhance vehicle security.","breadcrumb":{"@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/exploiting-the-in-vehicle-browser-a-novel-attack-vector-in-autonomous-vehicles\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/exploiting-the-in-vehicle-browser-a-novel-attack-vector-in-autonomous-vehicles\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/exploiting-the-in-vehicle-browser-a-novel-attack-vector-in-autonomous-vehicles\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/"},{"@type":"ListItem","position":2,"name":"Session","item":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/"},{"@type":"ListItem","position":3,"name":"Exploiting the In-Vehicle Browser: A Novel Attack Vector in Autonomous Vehicles"}]},{"@type":"WebSite","@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/#website","url":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/","name":"HITBSecConf2024 - Bangkok","description":"August 26 - 30 @ InterContinental","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-json\/wp\/v2\/session\/10593"}],"collection":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-json\/wp\/v2\/session"}],"about":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-json\/wp\/v2\/types\/session"}],"wp:attachment":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-json\/wp\/v2\/media?parent=10593"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}