Payatu Case Study | Automotive Security Assessment | EV Security Testing

Payatu
26 Apr 2023 09:01

Summary

TL;DR: This video covers the assessment of hardware security vulnerabilities in electric vehicles (EVs), focusing on protocols like CAN, UART, JTAG, and Bluetooth. The speaker, a lead IoT security consultant, explains their process for testing EV devices, identifying critical vulnerabilities like outdated Android systems and insecure ADB access. They also discuss the use of professional tools to perform these assessments, emphasizing the importance of comprehensive testing under tight deadlines. The findings include risks that could lead to financial loss, physical harm, and trust erosion, urging companies to conduct regular security audits.

Takeaways

  • 🔒 The speaker is a lead IoT security consultant and hardware security researcher, focusing on securing devices from a hardware perspective.
  • 🔍 As a consultant, they conduct hardware testing of client devices, provide remediation steps, and ensure device security.
  • 💻 As a researcher, they analyze various IoT devices, such as medical devices, to stay updated with vulnerabilities and improve testing processes.
  • 🚗 The client operates in the EV (electric vehicle) sector, requiring a security assessment of their device, particularly its communication protocols.
  • 🛡️ CAN protocol, commonly used in automotive applications, is highlighted for its speed and importance in critical communication, like airbags.
  • 🔧 The hardware assessment involved identifying debug ports (e.g., UART, JTAG) that could allow firmware extraction and malicious firmware injection.
  • 📡 The team also sniffed communication protocols like SPI, I2C, and CAN to detect vulnerabilities, including potential data injection over the CAN bus.
  • 📱 A mobile Android app communicating with the EV dashboard was tested for sensitive data leaks and Bluetooth security issues, including replay attacks.
  • ⚠️ Critical vulnerabilities included outdated Android systems on the EV hardware and unauthorized ADB shell access, posing significant security risks.
  • 🚨 Four high-severity vulnerabilities were found, including DoS attacks on the CAN bus, malicious packet injection, and exposure of sensitive boot logs.

Q & A

  • What is the primary role of a lead IoT security consultant?

    - A lead IoT security consultant is responsible for overseeing the security of client devices from a hardware perspective, conducting hardware testing, and suggesting remediation steps to enhance device security.

  • How does a hardware security researcher contribute to IoT device security?

    - A hardware security researcher contributes by researching various devices like medical or IoT devices to identify and understand emerging vulnerabilities, ensuring that testing processes remain current and effective.

  • Why is it important for the EV sector to conduct security assessments?

    - Security assessments are crucial in the EV sector due to the implementation of numerous communication protocols in EV devices, which if compromised, could lead to serious security and safety issues.

  • What is the significance of the CAN protocol in automotive security?

    - The CAN protocol is significant in automotive security because it is a fast communication protocol used for critical vehicle functions, such as airbag deployment during sudden braking, requiring quick and reliable communication.

  • What kind of vulnerabilities were discovered during the hardware assessment of the EV device?

    - The hardware assessment revealed vulnerabilities such as the possibility of firmware extraction from debug ports like UART or JTAG, and the ability to inject malicious data over communication protocols like SPI, I2C, and CAN.

  • How was the firmware extracted from the SPH chip during the assessment?

    - The complete firmware was read out of the SPH chip on the dashboard motherboard; the chip also accepted writes, so malicious firmware could have been patched back onto it.

  • What tools and techniques were used to perform the hardware assessment on the EV device?

    - Tools such as the EXPLIoT Nano board for firmware extraction, Bus Auditor for identifying debug ports, and Bluetooth adapters for communication sniffing were used. Techniques included checking for firmware extraction methods, sniffing wire communication, and analyzing Bluetooth data.

  • What challenges did the team face during the security assessment of the EV device?

    - The team faced challenges such as working within tight deadlines to perform comprehensive testing, covering all areas identified in a large checklist to ensure a thorough security assessment.

  • What were the critical vulnerabilities found in the EV hardware during the assessment?

    - Two critical vulnerabilities were identified: access to the ADB shell, which provided complete device control, and the outdated Android version running on the EV hardware, which contained numerous security vulnerabilities.

  • How did the team approach the firmware assessment of the EV device?

    - The firmware assessment was conducted using a proprietary framework, focusing on areas such as sensitive information leakage, Bluetooth communication security, and potential for malicious data injection.

  • What advice does the security professional give to organizations regarding EV security?

    - The security professional advises organizations to conduct comprehensive security assessments of their EV systems, keep up with security updates, and perform regular assessments to ensure the devices are well protected against potential threats.

Outlines

00:00

🔍 Comprehensive EV Security Assessment

The speaker, a lead IoT security consultant and hardware security researcher, discusses their role in ensuring the security of electronic devices, particularly in the electric vehicle (EV) sector. They highlight the importance of hardware testing and staying updated with market vulnerabilities. The client, from the EV sector, seeks a security assessment due to the numerous communication protocols implemented in EVs. The assessment includes a broad range of tests, from radio protocols to hardware and firmware, focusing on the CAN protocol's speed and its critical role in automotive communications. The team checks for vulnerabilities such as enabled debug ports, firmware extraction, and communication protocol sniffing. They also investigate the Android application's security for potential data leaks and the Bluetooth communication's susceptibility to replay attacks. Professional tools like the EXPLIoT Nano board and Bus Auditor are used in this comprehensive hardware and firmware assessment.

05:01

🚨 Critical Vulnerabilities in EV Hardware

The speaker details the challenges faced during the hardware assessment of an EV, particularly the tight deadline and the need for a comprehensive test. They categorize the vulnerabilities found in the EV by CVSS score, identifying two critical vulnerabilities: unrestricted access to the ADB shell and an outdated Android version on the EV hardware with multiple security flaws. Additionally, four high-severity vulnerabilities are found: extraction of (and write-back to) the I2C chip's contents, a DoS attack on the CAN bus, malicious packet injection on the CAN bus, and dashboard boot logs exposing sensitive information in clear text. The speaker emphasizes the potentially disastrous impact of these vulnerabilities on organizations, possibly leading to physical harm or significant financial loss. They advise regular security assessments and keeping the EV system updated to maintain trust and safety in the market.
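As an added example for the CAN findings in this outline (not code from the talk or from Payatu's EXPLIoT tooling), the script below shows how a defender can flag the two CAN conditions named above, an ID flooding the bus (DoS) and frames under an ID the bus never normally carries (injection), in socketcan candump-style logs. The log lines are constructed inline and the rate thresholds are assumptions.

```python
"""Detect CAN bus flooding (DoS) and unknown-ID injection in candump-style logs.

Line format (socketcan `candump -l` style):  (1.000000) can0 123#DEADBEEF
The logs below are constructed; rate_factor / min_frames are assumed thresholds.
"""
import re
from collections import Counter

LINE_RE = re.compile(
    r"\((?P<ts>\d+\.\d+)\)\s+\S+\s+(?P<id>[0-9A-Fa-f]{3,8})#(?P<data>[0-9A-Fa-f]*)"
)


def parse_candump(text):
    """Return [(timestamp, arbitration_id, payload_bytes), ...] in log order."""
    frames = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            frames.append((float(m["ts"]), int(m["id"], 16), bytes.fromhex(m["data"])))
    return frames


def per_id_rates(frames):
    """Frames per second for each arbitration ID over the capture's time span."""
    if not frames:
        return {}
    span = max(frames[-1][0] - frames[0][0], 1e-6)
    return {cid: n / span for cid, n in Counter(f[1] for f in frames).items()}


def detect(frames, baseline_rates, rate_factor=5.0, min_frames=5):
    """Flag IDs absent from the trusted baseline (injection) or sent far above
    their baseline rate (flooding: one ID hammered so that legitimate ECUs keep
    losing arbitration, the classic CAN DoS)."""
    findings = []
    span = max(frames[-1][0] - frames[0][0], 1e-6) if frames else 1.0
    for cid, n in sorted(Counter(f[1] for f in frames).items()):
        if cid not in baseline_rates:
            findings.append(("unknown_id", cid, n))
        elif n >= min_frames and n / span > rate_factor * baseline_rates[cid]:
            findings.append(("flood", cid, n))
    return findings


def make_log(schedule, seconds):
    """Build constructed candump text; schedule = {arb_id: (hz, payload_hex)}."""
    lines = []
    for cid, (hz, payload) in schedule.items():
        for i in range(int(hz * seconds)):
            lines.append(f"({i / hz:.6f}) can0 {cid:03X}#{payload}")
    lines.sort(key=lambda l: float(l[1:l.index(")")]))
    return "\n".join(lines)


# Trusted capture (constructed): 0x123 at 10 Hz and 0x2A0 at 5 Hz for 2 s.
BASELINE_LOG = make_log({0x123: (10, "0000"), 0x2A0: (5, "01")}, 2)
# Capture under attack (constructed): 0x2A0 hammered at 200 Hz, plus an ID
# the bus never carried in the baseline.
ATTACK_LOG = make_log({0x123: (10, "0000"), 0x2A0: (200, "FF"), 0x7FF: (3, "DEADBEEF")}, 2)


def run_example():
    baseline = per_id_rates(parse_candump(BASELINE_LOG))
    return detect(parse_candump(ATTACK_LOG), baseline)


if __name__ == "__main__":
    for kind, cid, n in run_example():
        print(f"{kind}: ID 0x{cid:03X} ({n} frames)")
```

A real deployment would learn the baseline from several clean drives and add per-ID payload checks, since injection under a legitimate ID at a legitimate rate is not caught by rate alone.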

Keywords

💡IoT Security Consultant

An IoT Security Consultant is a professional who specializes in the security of Internet of Things (IoT) devices. They assess and enhance the security measures of IoT devices to protect them from potential cyber threats. In the video, the consultant is responsible for conducting hardware testing of client devices and suggesting remediation steps to improve security, which is crucial in the context of the video as it discusses the vulnerabilities in electronic vehicles (EVs) and the importance of safeguarding them against attacks.

💡Hardware Security Researcher

A Hardware Security Researcher investigates the security aspects of physical devices and their components. They identify potential vulnerabilities and suggest improvements to hardware designs to enhance security. In the video, the researcher is involved in studying various devices, including medical and IoT devices, to stay updated with emerging vulnerabilities in the market, which is directly related to the theme of the video as it discusses the security assessment of EVs.

💡EV Market

The EV Market refers to the sector focused on electric vehicles, which is rapidly growing due to government policies and incentives aimed at combating climate change and reducing greenhouse gas emissions. The video script mentions that the client belongs to the EV sector, emphasizing the importance of security assessments for devices in this market, as they often incorporate numerous communication protocols that could be targeted by cyber threats.

💡CAN Protocol

The CAN (Controller Area Network) Protocol is a high-speed communication protocol primarily used in automotive systems. It enables fast and reliable communication between various vehicle components. In the video, the CAN protocol is highlighted as a critical component in EVs for immediate responses, such as airbag deployment during sudden braking, illustrating its relevance to the video's theme of ensuring fast and secure communication within EV systems.

💡Firmware

Firmware refers to the software that is embedded in hardware devices and is responsible for their operation. It can be updated or extracted for analysis to ensure device functionality and security. The video discusses the extraction of firmware from an SPH chip found in the EV's dashboard, which was vulnerable to malicious firmware patching, underscoring the importance of firmware security in the context of the video.

💡Debug Ports

Debug Ports are physical interfaces on hardware devices that allow for testing, debugging, and firmware extraction. They can pose security risks if not secured properly. The video mentions checking for enabled debug ports like UART or JTAG, which could lead to firmware extraction and potential device compromise, highlighting the significance of these ports in hardware security assessments.

💡Bluetooth Communication

Bluetooth Communication refers to the wireless technology used for data transfer between devices over short distances. In the video, the team investigates the Bluetooth communication of the EV to check for data transmission security, data manipulation, and the possibility of replay attacks, which is a critical aspect of ensuring the overall security of the EV system.

💡CVSS Score

CVSS (Common Vulnerability Scoring System) Score is a standardized scoring system used to assess the severity of software vulnerabilities. In the video, the speaker divides the identified vulnerabilities into 'critical' and 'high' based on their CVSS scores, indicating the severity of the issues found during the security assessment of the EV, which is a key part of the video's narrative on the importance of regular security checks.

💡Black Box Assessment

A Black Box Assessment is a security testing method where the internal workings of a system are not known to the tester, and the focus is on finding vulnerabilities from an external perspective. The video mentions conducting an assessment from a black box perspective, simulating an attacker's point of view to uncover potential entry points and vulnerabilities in the EV system.

💡Security Updates

Security Updates are patches or improvements made to software or hardware to fix security vulnerabilities and enhance protection against threats. The video concludes with a recommendation for regular security assessments and keeping systems updated with the latest security updates, emphasizing the ongoing nature of security in the context of rapidly evolving cyber threats.

Highlights

Introduction of the speaker's role as a lead IoT security consultant and hardware security researcher.

Description of the hardware testing process for client devices to ensure security.

Role of the hardware security researcher in researching vulnerabilities in various devices.

The growing market of electric vehicles (EV) and the importance of security assessment.

Explanation of the communication protocols implemented in EVs for security assessment.

The significance of the CAN protocol in automotives for fast communication.

Comprehensive list of test cases for hardware assessment of EVs.

Checking for debug ports like UART or JTAG to prevent firmware extraction.

Firmware extraction from the SPH chip and its vulnerabilities.

Sniffing wire communication protocols like SPI, I2C, and CAN for security assessment.

Assessment of the Android application for the EV's dashboard communication.

Sniffing and analyzing Bluetooth communication for potential security vulnerabilities.

Use of professional tools like the EXPLIoT Nano board and Bus Auditor for hardware assessment.

Challenges faced by the team in conducting comprehensive tests within tight deadlines.

Identification of two critical vulnerabilities in the EV hardware assessment.

Finding of four high-severity vulnerabilities that could lead to device manipulation.

Recommendation for regular security assessments to ensure EV system protection.

Emphasis on the potential disastrous consequences of unaddressed vulnerabilities in EVs.

Transcripts

play00:39

my full name is

play00:42

a lead iot security consultant and

play00:45

Hardware security researcher so as a

play00:47

consultant I takes care of the client

play00:49

devices more from a hardware perspective

play00:52

I do the hardware testing of those

play00:54

devices and based on the report of the

play00:57

testing I suggest the remediation steps

play01:00

to our client to make the device more

play01:02

secure from a hardware perspective as a

play01:04

Hardware security researcher I take many

play01:06

various devices like medical devices or

play01:08

any iot devices for a research purpose

play01:11

to be updated with the vulnerabilities

play01:13

that is coming up in the market to keep

play01:15

ourselves updated so that our testing

play01:18

process should be very recent very

play01:20

updated

play01:24

EV is really a very growing Market

play01:26

well mostly all government is

play01:28

implementing policies and incentives to

play01:31

encourage people to switch on EVS to

play01:34

combat the climate changes and the

play01:36

emission of the greenhouse gases

play01:38

the client belongs to the EV sector

play01:40

electronic vehicle sector they give

play01:43

their device for the assessment from a

play01:44

security perspective because it's a it's

play01:46

an EV so lots of communication protocol

play01:49

was implemented on the device so it is

play01:52

highly advisable to do the security

play01:54

assessment

play02:00

this book was we have to touch every

play02:03

possible Area radio protocols Hardware

play02:05

firmware and the can that is being

play02:08

implemented in the EV for communication

play02:10

with the different modules

play02:13

can is a very fast protocol that is

play02:15

mostly used in a automotives let's

play02:17

suppose you applied a sudden break so

play02:19

immediately uh your airbag should be

play02:21

open right so this communication should

play02:23

be very fast right so obviously if the

play02:25

communication is happening so there must

play02:27

be some protocol being implemented

play02:28

between this and for this protocol to be

play02:30

very fast so can is the very best option

play02:33

for now that is mostly used

play02:39

so we started our Hardware assessment

play02:42

with a very comprehensive list of test

play02:45

cases so the team assists to ensure

play02:48

whether any debug Port is enabled or not

play02:50

like uart or the JTAG debug post which

play02:52

could lead to the extraction of the

play02:54

firmware from the device and can be used

play02:58

to patch any malicious firmware in the

play03:00

device to make the device work

play03:02

maliciously completely we check for

play03:04

every component present on the

play03:06

motherboard of the dashboard so we

play03:08

checked for the weather in espi or i2c

play03:10

chips are there we found the spha plan

play03:12

we successfully extracted the data the

play03:15

complete firmware out of that SPH chip

play03:16

and the chip was vulnerable like we can

play03:19

patch any malicious firmware back on the

play03:21

chip we check for the firmware

play03:22

extraction possible methods that is

play03:24

possible on the motherboard of the

play03:27

dashboard and we sniff the wire

play03:30

communication protocols like SPI i2c so

play03:33

we try to sniff those uh data being

play03:35

transmitted on these protocols and

play03:38

obviously the CAN was there so we

play03:39

tried to sniff the CAN protocol also and

play03:41

we tried to check whether the team who

play03:44

can inject any malicious data over the

play03:47

CAN bus or not so obviously there was a

play03:50

very big list of very comprehensive

play03:51

checklist out of which I discussed a few

play03:56

the Android was running and all the

play03:58

underlying architecture of the EV there

play04:00

was a Android application as well for

play04:03

the TV to communicate with the dashboard

play04:05

through your mobile so we checked the

play04:07

mobile APK of that Android application

play04:09

for to check whether any sensitive

play04:11

information is not leaky

play04:15

for the Bluetooth the team sniffing the

play04:17

communication of the Bluetooth and we

play04:20

captured the data that is being

play04:22

transmitted and we analyzed those

play04:25

packets so we tried to manipulate the

play04:27

data and replay those data to check

play04:29

whether the replay attack is possible on

play04:31

this Bluetooth communication or not we

play04:33

try to fudge the Bluetooth to check how

play04:35

it is uh behaving when it is receiving

play04:41

when it comes to resources we have lot

play04:43

of professional tools developed by pioto

play04:46

itself for Hardware we used our EXPLIoT

play04:48

Nano board that is publicly available on

play04:51

our expliot.io tool you can go and

play04:53

check over there the very complete kit

play04:56

is there you can check from there so we

play04:57

use this EXPLIoT Nano board for

play04:59

extracting firmware out of the device and

play05:01

we used bus auditor which we used to

play05:04

find the debug ports present on the

play05:06

motherboard of the EVs and for like for

play05:09

communication and sniffing we use the

play05:11

Bluetooth adapter to sniff the Bluetooth

play05:12

communication so we use those tools to

play05:15

perform the hardware assessment apart

play05:17

from that for the firmware assessment we

play05:19

have our own framework we use that

play05:26

we were bounded with a tight deadlines

play05:30

and we were looking to do the very

play05:32

comprehensive test so the team worked

play05:34

really hard in that bounded deadline to

play05:37

touch each and every area that should be

play05:38

assessed so this was the one of the

play05:40

challenge we faced that we in the

play05:42

limited time we have to do the complete

play05:44

comprehensive test with all the

play05:46

checklists we were having

play05:51

let me divide the severity of these

play05:54

vulnerabilities on the basis of the CVSS

play05:56

score we found two critical

play05:57

vulnerabilities the reason being I am

play06:00

saying this is critical because this you

play06:02

can suppose availability giving a

play06:04

complete access of a device so that's

play06:05

what attackers want the first was we got

play06:08

the access to the ADB shell any normal

play06:10

user can get the access of the education

play06:12

of the evb assist and this was a very

play06:15

critical vulnerability because once you

play06:16

get the access to the division you got

play06:18

the complete access of the device you

play06:20

see the second critical vulnerability

play06:21

was the Android running on the EV

play06:23

Hardware was completely outdated and

play06:26

there was a lot of security

play06:27

vulnerabilities were present on that

play06:30

version of the Android that was running

play06:31

on the device so these these are the two

play06:33

critical findings of that EV Hardware

play06:35

that we assessed so we got four high

play06:37

vulnerabilities the reason I am calling

play06:40

it high is because these vulnerabilities

play06:42

can give you an attack surface from

play06:45

where you can inject your malicious data

play06:47

and once you inject your malicious data

play06:49

yes so you can make the device work or

play06:52

behave like the way you want

play06:55

i2c mini extraction but i2c chip was

play06:57

soldered on the motherboard of the EV

play06:59

and we were able to extract the complete

play07:02

information from that i2c chip and we

play07:04

can write back any malicious data on the

play07:07

i2c chip which will make the device or

play07:09

behave uh maliciously the Dos attack on

play07:11

the CAN bus

play07:13

malicious packet injection on the CAN bus

play07:16

fourth was a dashboard over giving

play07:19

booting logs in the clear text and

play07:21

through that log any sensitive

play07:22

information could be accessed from that

play07:24

log so these were the four high

play07:26

vulnerabilities we found in the EV

play07:33

as a security professional I'll say that

play07:36

the findings which we got in this uh EV

play07:39

could be disastrous for an organization

play07:41

could lead to a physical harm or a big

play07:43

Financial loss we did the assessment

play07:46

from a black box perspective let's

play07:47

suppose if any attacker got the access

play07:49

of the device from the whatever entry

play07:51

points which we found then attacker can

play07:54

make lot more changes in the complete EV

play07:56

system and this could be very uh harmful

play08:00

for a person who is using an EV and this

play08:02

could completely come to a cost of loss

play08:05

of trust often over an organization if

play08:07

such vulnerable EVS are running in the

play08:09

market I strongly suggest to take a

play08:12

complete Security assessment of the

play08:14

complete EV system and keep yourself

play08:17

updated with the security updates and

play08:19

please go through the regular security

play08:21

assessment of the complete system to

play08:23

ensure that the device is completely

play08:26

protected


Related tags: IoT Security, EV Assessment, Hardware Testing, Firmware Analysis, Security Consultant, EV Industry, Cyber Threats, Protocol Sniffing, Malicious Firmware, Security Updates