Loading Events

« All Events

  • This event has passed.
Free

On the Insecurity of Vehicles Against Protocol-Level Bluetooth Threats

July 14 @ 18:00 - 19:00 CEST

PRESENTATION:

In this webinar we talk about, Protocol-Level Bluetooth Threats (PLBT), a novel and relevant class of threats for automotive security. Specifically, we explain what they are, why they are relevant, and how they can be evaluated on modern cars. We also report our PLBT evaluation results on five popular In-Vehicle Infotainment (IVI) units used by KIA, Toyota, Suzuki, and Skoda on cars manufactured between 2014 and 2021. For example, we show that is trivial to impersonate a trusted smartphone to commercial IVIs using an attack chain that we developed in recent years (KNOB+BIAS attacks). As a result of a successful impersonation, an attacker can exfiltrate sensitive data stored on the IVI and send malicious commands to the IVI without being detected.

We note that PLBTs are effective on any Bluetooth-enabled IVI as they exploit protocol flaws in the Bluetooth standard itself. Hence, we expect that the vast majority of the IVIs in the market is vulnerable to the KNOB+BIAS attack chain and other PLBTs. This fact should clearly motivate why it is important to investigate and fix PLBTs in the automotive industry.

For more information please refer to our research paper presented this year at the IEEE workshop on offensive technologies (WOOT) titled “On the Insecurity of Vehicles Against Protocol-Level Bluetooth Threats Webinar”. The paper is freely downloadable at https://hexhive.epfl.ch/publications/files/22WOOT.pdf

PRESENTER:

Daniele Antonioli is an Assistant Professor at EURECOM with the software and system security (S3) group. He is doing research and teaching in applied system security and privacy with an emphasis on wireless communication, such as Bluetooth and Wi-Fi, embedded systems, such as cars and fitness trackers, mobile systems such as smartphones, and cyber-physical systems such as industrial control systems. For more information visit Daniele’s personal website at https://francozappa.github.io

For more information about us, please have a look at our websites.
Daniele’s website: https://francozappa.github.io/
Mathias’s website: https://nebelwelt.net/

Presenter Slides: 20220714 Daniele Antonioli Presentation Slides

Details

Date:
July 14
Time:
18:00 - 19:00 CEST
Cost:
Free
Event Category:
Event Tags:
, , , , , , , , , ,
Website:
https://youtu.be/tqln99BHUzU

Venue

ONLINE

Organizer

Daniele Antonioli

©2022 ASRG is operated for the good of products everywhere and the people that drive them.

CONTACT US

We're not around right now. But you can send us an email and we'll get back to you, asap.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account