Etienne CHARRON
Security researcher at Ampere Software Technology's pentest lab (focus on vulnerability detection in automotive embedded systems).
Session
10-24
09:00
30min
Audit and retrospective of an automotive application: Carplay
Etienne CHARRON, Khadim
In this presentation, we share the methodology used during a security audit of the Carplay application. This application exposes services to external car interfaces through Bluetooth and Wi-Fi. Our work focused on identifying vulnerabilities that could allow an attacker already connected to the car's Wi-Fi hotspot to compromise the multimedia equipment.
We present how, during this analysis, we identified the function responsible for parsing external data sent to the car, how we fuzzed it, and how we discovered a bug already known to Apple (CVE-2023-23494).
topic: hack.lu
Europe