Nowadays, more and more connected cars on the road, cars brought convenience experience and service to the users, but the hidden security risks and hidden dangers behind also will increase, after our penetration test was carried out on lots of connected cars, we summarized a set of remote control methodology for connected vehicles, can realize the case of contactless controlling cars, execution including locating, open/close the door, start/stop the engine. After further study, we could control the same series of cars?? which has relevant vulnerabilities.
Such threats for automobile manufacturers and car??s owners is very serious harm, at present, we found that this kind of attack methods affect more than 80% of connected car, the vulnerabilities were due to improper hardware design, code is not rigorous, system security configuration is not reasonable, the network isolation is not strict, identity authentication can be evaded. We will talk about this methodology in the speech with a large number of cases, some attack methods and their influence, and put forward the corresponding security recommendations, to ensure information security in the future cars.