In early September, we made it our goal to find as many vulnerabilities in as many car companies as possible. Over the next few months, we were able to remotely start/stop, lock/unlock, flash lights, open trunks, and honk the horns of all smart-enabled Toyota, Nissan, Infiniti, Genesis, Honda, Accura, and Lexus vehicles.
We gained intimate access to the internal networks of BMW and Mercedes-Benz, being authorized as fully permissioned SSO users with access to dealer portals, Github, Slack, and hundreds of mission critical applications.
We found systemic access control vulnerabilities affecting telematic and fleet-management companies, allowing us to dispatch and track police cars, ambulances, and truckers. Join us as we discuss our findings as web hackers attempting to hack the auto industry!
The talk would go into the methodology, research into automotive security and our outlook for future automotive security.