Research into the AVN (Audio, Visual and Navigation) system in the 2017 Lexus NX300 — the same unit is also used in other models, including the LS and ES series — revealed security issues in the car's Bluetooth and vehicle diagnostics functions. According to Keen Security Lab, those vulnerabilities can be abused to compromise the AVN, the internal CAN network and the electronic control units (ECUs) attached to it. The researchers also said they were able to take control of the AVN wirelessly, without any user interaction, and then inject malicious CAN messages to trigger "physical actions" in the vehicle. The precise technical details of the vulnerabilities will only be published next year, the researchers said.

The Lexus AVN is composed of a DCU (Display Control Unit) and an MEU (Multimedia Extension Unit for Maps). The DCU's mainboard exposes the externally reachable attack surfaces, namely the Wi-Fi, Bluetooth and USB interfaces, and the DCU also exchanges CAN messages with the internal ECUs.

The Chinese researchers chained two vulnerabilities in the in-vehicle Bluetooth service to gain remote code execution with root privileges in the DCU. The bugs are an out-of-bounds heap memory read and a heap buffer overflow, both reachable before pairing, during the establishment of a Bluetooth connection. Because no pairing is required, exploitation over Bluetooth is "completely touchless and interaction-less at proximity," Keen Security Lab explains. An affected car's Bluetooth MAC address can be sniffed over the air with the open-source Ubertooth One Bluetooth sniffer, provided the DCU has previously been paired with a mobile phone.

The DCU does not implement secure boot, which allowed the researchers to re-flash the uCOM board with malicious firmware. Since the existing CAN message filter is enforced by that firmware, replacing it let them bypass the filter entirely. Malicious code installed on the DCU through the Bluetooth vulnerabilities is therefore persistent: it survives reboots and remains on the device until the firmware is replaced.
The implant automatically connects the DCU to an attacker-controlled Wi-Fi hotspot and spawns an interactive root shell, allowing the attacker to send arbitrary CAN messages onto the CAN bus wirelessly. Toyota, which has acknowledged the vulnerabilities, says certain Toyota vehicles equipped with the same "specific multimedia units" are also affected. The company notes that exploiting these bugs requires not only expertise with the multimedia unit's software but also specialized tools and physical proximity to the vehicle during the attack. Toyota has introduced fixes on the production line and says affected vehicles already on the market will receive a software update.