Hackers used Lexus and Toyota vulnerabilities to launch remote cyber attacks

Researchers from Tencent Keen Security Lab found that hackers may use vulnerabilities in Lexus and Toyota cars to launch remote network attacks on affected vehicles.

It is reported that researchers recently studied the Audio, Visual and Navigation (AVN) in the 2017 Lexus NX300. The AVN system is also used in other models of vehicles including the LS and ES series. They found that the Bluetooth function and vehicles on the car have a security issue with the diagnostic function. According to Tencent Keen Security Lab, hackers can use these flaws to damage the AVN system and the CAN network inside the car and the related electronic control units (ECU).

In addition, the researchers also said that for this vulnerability, hackers can control the AVN unit system without user interaction, and then inject malicious CAN information to make the car perform “physical actions.” It is reported that the Lexus AVN system is composed of DCU (display control unit) and MEU (multimedia expansion unit for maps). The mainboard of the DCU will expose the attack surface such as Wi-Fi, Bluetooth and USB interfaces. At the same time, the DCU can also communicate with the internal through CAN messages. The researchers said that specific technical details related to these vulnerabilities will be made public next year.

“CARS: Toyota”by GD Taber is licensed under CC BY-NC-ND 2.0

In the research, the researchers used these two vulnerabilities to attack the vehicle-mounted Bluetooth service and implemented remote code execution tasks in the DCU system with root privileges. According to the summary, the current vulnerability problem is in the process of creating a Bluetooth connection. If the DCU system in the car has been paired with a mobile phone before, then hackers can use the well-known “Ubertooth One” device to sniff the affected car wirelessly Bluetooth MAC address. Since the DCU system does not support secure boot, this allows researchers to refresh the UCOM board with malicious firmware to bypass the existing CAN information filtering mechanism.

At present, Toyota has taken measures to resolve this loophole in the production line and said that it has provided software update services for the affected vehicles. At the same time, Toyota also stated that, according to the description of Keen Labs, during the exploitation of the vulnerability, hackers could not control the steering, steering, and throttle of the steering wheel. Moreover, if a hacker wants to exploit this vulnerability, not only the expertise of the multimedia system software but also specific special tools are required, and it must be close to the vehicle during the attack. Therefore, Toyota believes that the process of exploiting this loophole is very complicated, and the possibility of meeting all conditions in the real world is relatively low.