DEF CON 31 Car Hacking Village - Automotive USB Fuzzing - Euntae Jang, Donghyon Jeong, Jonghyuk Song

Published 2023-09-16
Recently, the automotive industry has been performing USB fuzzing on automobiles in an inefficient way. Fuzzing is usually performed with commercial media fuzzers, but the fuzzers are not directly connected to the vehicle during fuzzing, so it requires a lot of manual effort from testers.

In this talk, we propose an efficient way to perform USB fuzzing on actual vehicles. We describe how to perform kernel-area fuzzing as well as media fuzzing over USB by directly connecting the fuzzer and the car with a USB cable. Using this method, we found real-world vulnerabilities in the Volkswagen Jetta, Renault Zoe, GM Chevrolet Equinox, and AGL.

All Comments (4)
  • @sirmam4444
    Huge respect for giving this talk in a non-native language.
  • @loicminois8072
    Thanks for this shared fuzzing expertise! For the CVE-2023-39075, the type mentioned is kernel, but which kernel component is vulnerable? Because the cpe identified is the OS cpe:2.3:o:renault:zoe_ev_2021_firmware:*:*:*:*:*:*:*:*, but not a kernel component?