汽车安全
汽车信息安全事件时间轴: timeline.icvsec.com
漏洞
- KIA-SELTOS-Cluster-Vulnerabilities: KIA SELTOS Cluster Exploitation
- Zero Day Initiative — Multiple Vulnerabilities in the Mazda In-Vehicle Infotainment (IVI) System
- Hacking Kia: Remotely Controlling Cars With Just a License Plate
- A vehicle firmware security vulnerability: an IVI exploitation | Journal of Computer Virology and Hacking Techniques
- Vulnerabilities in Skoda and Volkswagen vehicles
- How I Also Hacked my Car
- Extracting Secure Onboard Communication (SecOC) keys from a 2021 Toyota RAV4 Prime Power
- Pwning my Friends New Car: Digital Cockpit sKiddie Rooting
- Hyundai Head Unit Hacking · random hacks Standard-class Gen5 navigation
- ASRG-China 社区发现三一重工等企业T-Box超危漏洞
- CHIMAERA (Custom Hyundai Motor group infotAinmEnt fiRmwAre) is a set of issues that we found on the Gen5W_L In-Vehicle Infotainment system
- KOFFEE:An Android app for Kia Gen5 Head Units (HUs) that is built to exploit the vulnerability (CVE-2020-853)
- CAN Injection: keyless car theft
- Disclosing the Pringles Syndrome in Tesla FSD Vehicles
- Hacking into Toyota’s global supplier management network
- How Mishandling of WebSockets Can Cause DoS and Energy Theft
- Kia, Hyundai sued after viral TikTok causes rise in thefts
- Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More
- Back-connect to the Connected Car. Search for Vulnerabilities in the VW Electric Car.
- A vulnerability affecting Hyundai and Genesis vehicles where we could remotely control car
- SiriusXM IDOR vulnerablity exposed vehicle token,that make unauthorized remotely control Honda, Nissan, Infiniti, and Acura vehicles
- RollBack - A New Time-Agnostic Replay Attack Against the Automotive Remote Keyless Entry Systems
- Reverse engineering an EV charger
- Bypassing the Renesas RH850/P1M-E read protection using fault injection Github
- Multiple Memory Corruption Vulnerabilities in COVESA DLT daemon
- TesMla: An app to complete man in the middle attack with Tesla Model 3
- NFC Relay Attack on TESLA Model Y Video
- How I Hacked my Car 在谷歌搜到几段密钥,就破解了自己的汽车?
- Rolling PWN: RF key rolling code resync
- Demystifying Tesla’s Bluetooth Passive Entry System slides
- How I got access to 25+ Tesla’s around the world. By accident. And curiosity
- Tesla BLE Phone-as-a-Key Passive Entry Vulnerable to Relay Attacks
- 【KeenLab Tech Talk(三)】Android Auto 中一个普通的堆漏洞
- Car hijacking swapping a single bit
- 腾讯科恩实验室:梅赛德斯-奔驰汽车信息安全研究综述报告 技术白皮书
- TBONE – A zero-click exploit for Tesla MCUs
- BAM BAM!! On Reliability of EMFI for in-situ Automotive ECU Attacks
- CVE-2020-8539: KIA Head Unit vulnerability EXP
- Hacking Hyundai Tucson 2020 · random hacks
- UnsignedFlash: Firmware signature bypass on the IC204 instrument clusters
- 特斯拉 model X 蓝牙钥匙漏洞 WIRED slides
- 特斯拉 NFC 中继攻击(CVE-2020-15912)
- CVE-2021-43327 Renesas RX65 Glitching
- CVE-2020-28656: A code signing bypass for the VW Polo
- CVE-2020-10558: Tesla Model 3 Vulnerability – Disable Autopilot Notifications, Speedometer, Web Browser, Climate Controls, Turn Signals, Nav, etc.
- CVE-2018-16806: 特斯拉 Model S PKES 使用脆弱的 DST40 加密算法 Sildes WIRED AGAIN
- Reverse Engineering Tesla Hardware
- Reverse Engineering the Tesla Firmware Update Process
- Texas Instruments DST80 encryption vulnerable WIRED
- CVE-2020-16142: 奔驰蓝牙名 %x%x%x%x%x%x%x%x%x 处理异常
- CVE-2017-9212: 宝马蓝牙名 %x%x%x%x 处理异常
- Regular Exploitation of a Tesla Model 3 through Chromium RegExp
- 360 Sky-Go团队发布《梅赛德斯-奔驰安全研究报告》
- 腾讯科恩实验室:雷克萨斯汽车安全研究综述报告
- 福特、宝马、英菲尼迪和日产汽车TCU存在漏洞,可被远程入侵 Video Slides
- R7-2017-02: Hyundai Blue Link Potential Info Disclosure
- mazda_getInfo: A PoC that the USB port is an attack surface for a Mazda car’s infotainment system
- TBOX | Hacking industrial vehicles from the internet 公网暴露设备 C4MAX-3GNA Installation Guide
- Hacker Finds He Can Remotely Kill Car Engines After Breaking Into GPS Tracking Apps
- A Security Analysis of an In-Vehicle Infotainment and App Platform(MirrorLink) Paper Sildes
- CVE-2017-14937: Vulnerability in pyrotechnical control units (Airbags) of passenger cars EXP
- Controlling vehicle features of Nissan LEAFs across the globe via vulnerable APIs
- OpenSesame attacks wireless garages and can open most fixed-code garages and gates in seconds using a Mattel toy
- Gone in six seconds? Exploiting car alarms
- OBDeleven vulnerability
- A Remote Attack on the Bosch Drivelog Connector Dongle 译文
- The secret life of GPS trackers (2/2)
- The secret life of GPS trackers (1/2)
- wooyun-2015-0143278: 无线安全之绕过比亚迪某款汽车滚动码继续破车锁
- HackRF vs. Tesla Model S
- Happy Hacking Toyota Touch&Go More
充电桩漏洞
- Multiple vulnerabilities in Enel X JuiceBox (Waybox) Pro & Plus 3.0 charger
- Low Energy to High Energy: Hacking Nearby EV-Chargers Over Bluetooth Video
- Pwn2Own Automotive 2024: Hacking the ChargePoint Home Flex (and their cloud…)
- Pwn2Own Automotive 2024: Hacking the JuiceBox 40
- Pwn2Own Automotive 2024: Hacking the Autel MaxiCharger
- 充电桩漏洞挖掘实践
- Review of Electric Vehicle Charger Cybersecurity Vulnerabilities, Potential Impacts, and Defenses
- Smart car chargers. Plug-n-play for hackers
- 施耐德充电桩漏洞挖掘之旅
- Authentication bypass & Remote code execution in Schneider Electric EVlink Charging Stations Notification
- X-in-the-Middle : Attacking Fast Charging Electric Vehicles
- Pwning a Smart Car Charger, Building a Botnet
- V2GInjector - Tool to intrude a V2G PowerLine network, but also to capture and inject V2G packets
- cir-pwn-life:proof of concept for exploiting multiple vulnerabilities affecting Circontrol products in an automated way
- Security Notification – EVLink Parking
- ChargePoint Home security research
- e 充电 “捏枪法”、“卡秒法” 案例
其他漏洞
- MakeShift: Security Analysis of Shimano Di2 Wireless Gear Shifting in Bicycles
- Take a glance of browser, I find Cybellum RCE Security Update | Cybellum
- Sears Garage Door Signal Reverse Engineering
隐私与数据安全
- Cars | Privacy & security guide | Mozilla Foundation
- Privacy Investigation: Chinese Electric Vehicle Exports
技术研究
- Vehicle On-Board Charging Security Scanner
- Secure Boot verification on TriCore
- Reverse engineering a car key fob signal (Part 1)
- tesla-charge-port-signal: Guided reverse engineering of Tesla’s charge port remote control signal
- Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer | USENIX
- Security of connected vehicles
- 2022数字中国车联网安全CTF writeup - uds_server
- Invisible for both Camera and LiDAR: Security of Multi-Sensor Fusion based Perception in Autonomous Driving Under Physical-World Attacks
- You Can’t See Me: Physical Removal Attacks on LiDAR-based Autonomous Vehicles Driving Frameworks
- Hacking an Audi: performing a man-in-the-middle attack on FlexRay
- BAM BAM!! On Reliability of EMFI for in-situ Automotive ECU Attacks?
- Bypassing the Renesas RH850/P1M-E read protection using fault injection
- Automotive and Autonomous Vehicle Security (AutoSec) Workshop 2022
- BMW F Series Gear Selector, Part One: Failures Part Two: Breakthrough Part Three: Success
- CANCAN: Encapsulation of CAN-FD Messages for Circumvention of Security Measures Paper
- Dumping old ECUs
- How the firmware updates work on Toyota Touch & Go
- How to decrypt car firmware in unknown format
- Analyzing and Securing SOME/IP Automotive Services with Formal and Practical Methods
- Power jacking your station: In-depth security analysis of electric vehicle charging station management systems 译文
- Beneath the Bonnet: a Breakdown of Diagnostic Security
- Securing Inter-Processor Communication in Automotive ECUs
- mqb-soundaktor: 010 Editor template to parse the contents of MQB Soundaktor data
- Hacking a VW Golf Power Steering ECU
- VW Transport Protocol 2.0 (TP 2.0) for CAN bus
- BMW Connected Apps Protocol翻译
- Building a Car Hacking Development Workbench
- AD & CV Systems Security - CVAnalyzer
- CANHunter:a tool for extracting CAN bus commands from car companion mobile apps
- mib2-toolbox: Building a new install method · Issue #122
- Examining Log4j Vulnerabilities in Connected Cars and Charging Stations
- Tesla Model 3 US – LTE modem replacement (And some reverse engineering)
- Practical CANBUS Reversing - Understanding the Ducati Monster
- Adventures with the Ducati CAN bus
- 该如何打下一台智能汽车
- 一类TBOX的介绍(有拿权限思路)
- 浅谈4G通信模组在车联网领域的攻击场景
- EC20 - Qualcomm Linux Modems by Quectel & Co - Open Source Mobile Communications
- Poking at the Tesla Model 3 MCU and a closer look at its eMMC
- Hacking QNX systems over QCONN
- 黑客是如何从T-Box接入车厂内网的
- Hacking my Tesla Model 3 - Security Overview
- Hacking my Tesla Model 3 - Internal API
- Hacking my Tesla Model 3 - Software Modes
- Reverse Engineering the Tesla Firmware Update Process
- 一次针对车联网平台恶意攻击行为的溯源分析
- 国内在线车联网平台(道路运输车辆卫星定位系统)安全威胁分析报告
- Remote Car Hacking
- Adventures in Automotive Networks and Control Units
- 智能汽车安全风险及防护技术分析
- Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study
- Hacking a Tesla Model S: What we found and what we learned
- Tesla Model 3 US – LTE modem replacement (And some reverse engineering)
- Solving my truck’s TPMS sensor problem with the help of an RTL-SDR dongle
- Truck Hacking: An Experimental Analysis of the SAE J1939 Standard
- Automotive Embedded Systems Security (CAESS)
- AUTOMOTIVE FIRMWARE EXTRACTION AND ANALYSIS TECHNIQUE
- Experimental Security Analysis of a Modern Automobile
- opengarages.org
- illmatics
会议
论文
- Physical Backdoor Attack can Jeopardize Driving with Vision-Large-Language Models
- MadRadar: A Black-Box Physical Layer Attack Framework on mmWave Automotive FMCW Radars
- Brokenwire Attack
- Trusted Operations of a Military Ground Robot in the Face of Man-in-the-Middle Cyberattacks Using Deep Learning Convolutional Neural Networks: Real-Time Experimental Outcomes
- ShadowAuth: Backward-Compatible Automatic CAN Authentication for Legacy ECUs Github
- Cooperative Perception for Safe Control of Autonomous Vehicles under LiDAR Spoofing Attacks
- Lock It and Still Lose It —on the (In)Security of Automotive Remote Keyless Entry Systems
- CANvas: Fast and Inexpensive Automotive Network Mapping
- Automated Discovery of Denial-of-Service Vulnerabilities in Connected Vehicle Protocols
- Ghost Peak: Practical Distance Reduction Attacks Against HRP UWB Ranging
- CANARY - a reactive defense mechanism for Controller Area Networks based on Active RelaYs
标准
- GB 44495-2024 汽车整车信息安全技术要求 征求意见稿
- GB 44496-2024 汽车软件升级通用技术要求 征求意见稿
- GB 44497-2024 智能网联汽车 自动驾驶数据记录系统
- GB/T 44464-2024 汽车数据通用要求
- ISO 26262 Road vehicles — Functional safety
- SAE J3601 Cybersecurity Guidebook for Cyber-Physical Vehicle System
- ISO/SAE 21434 Road vehicles — Cybersecurity engineering
- ISO/PAS 5112:2022 Road vehicles — Guidelines for auditing cybersecurity engineering
- WP.29 R155 Cyber security and Cyber Security Management System
- WP.29 R156 Software Update Management System
- ISO 21448 SOTIF(预期功能安全)
- GB 智能网联汽车时空数据安全处理基本要求 征求意见
- GB 智能网联汽车时空数据传感系统安全基本要求 征求意见稿
- GB/T 44774-2024 汽车信息安全应急响应管理规范
- GB/T 41871-2022 信息安全技术 汽车数据处理安全要求
- T/CSAE 252—2022 智能网联汽车车载端信息安全测试规程
- GB/T 40855-2021 电动汽车远程服务与管理系统信息安全技术要求及试验方法
- GB/T 40856-2021 车载信息交互系统信息安全技术要求及试验方法
- GB/T 40857-2021 汽车网关信息安全技术要求及试验方法
- GB/T 40861-2021 汽车信息安全通用技术要求
- GB/T 38628-2020 信息安全技术 汽车电子系统网络安全指南
- GB/T 41578-2022 电动汽车充电系统信息安全技术要求及试验方法 征求意见稿
- T/CEC 208—2019 电动汽车充电设施信息安全技术规范
- TC260-PG-20241A 网络安全标准实践指南—车外画面局部轮廓化处理效果验证
- T/CCSA 339—2021 车联网网络安全防护定级备案实施指南
- GB/T 车联网安全管理接口规范
- GB/T 39603-2020 缺陷汽车产品召回效果评估指南
- GB/T 汽车产品召回 生产者指南 征求意见稿
- GB/T 汽车产品召回 信息缺陷评估指南 征求意见稿
- GB/T 基于远程升级技术的汽车产品召回实施要求 征求意见稿
法规
- 工业和信息化部办公厅 公安部办公厅 交通运输部办公厅 应急管理部办公厅 国家市场监督管理总局办公厅关于进一步加强新能源汽车企业安全体系建设的指导意见
- 工业和信息化部关于加强智能网联汽车生产企业及产品准入管理的意见
- 网络数据安全管理条例(征求意见稿)
- 工业和信息化部关于加强车联网卡实名登记管理的通知
- 工业和信息化部关于加强车联网网络安全和数据安全工作的通知
- 关于开展汽车数据安全、网络安全等自查工作的通知
- 汽车数据安全管理若干规定(试行)
- 信息安全技术 网联汽车 采集数据的安全要求
- 市场监管总局质量发展局关于汽车远程升级(OTA)技术召回备案的补充通知
- 市场监管总局办公厅关于进一步加强汽车远程升级(OTA)技术召回监管的通知
- 道路机动车辆生产企业及产品准入管理办法 办事指南
- 网络产品安全漏洞管理规定
部委通知公告
白皮书
- Identifying Cybersecurity Focus Areas in Connected Cars Based on WP.29 UN R155 Attack Vectors and Beyond
- 腾讯安全《车联网数据安全体系建设指南》 附件
- CSTC 智能网联汽车安全渗透白皮书 3.0(2022年)
- CSTC 智能网联汽车安全渗透白皮书 2.0(2021年)
- CSTC 智能网联汽车安全渗透白皮书(2020年)
- 车联网白皮书(C-V2X分册)2019
- 《智能网联汽车信息安全评测白皮书 2019》
- 汽车电子网络安全标准化白皮书 2018