All Your Fleet Are Belong To Us: Vulnerabilities in Fleet Management Systems

No ratings

Presented at BSidesPittsburg 2017 by

Dan Klinedinst

Organizations that operate fleets of vehicles are increasingly using Internet-connected devices in those vehicles to manage them. I will demonstrate some specific vulnerabilities in such systems that could allow an attacker to track and/or control a large number of the vehicles in a given fleet. Most of the presentation will consist of methods for assessing various components of these telematics systems. Specifically, we will look at examining cellular communications via a homemade base station (IMSI catcher), abusing SMS and cellular data communications, reverse engineering ARM firmware, and sniffing traffic on circuit boards with an oscilloscope and logic analyzer. Finally, I will discuss how to exploit these systems to achieve fleet tracking, theft, and potentially control of the vehicles.