
From Low Energy to High Energy: Hacking Nearby EV Chargers Over Bluetooth.pdf

Uploaded by: 竿*** ID: 981580 2025-11-29 96 pages 34.27 MB

Low Energy to High Energy: Hacking Nearby EV-Chargers Over Bluetooth
Thijs Alkemade & Khaled Nassar
Computest Sector 7

Introduction
1. Be in Bluetooth/WiFi range
2. ?
3. Execute arbitrary code on the charger

About us
We are:
Khaled Nassar notkmhn
Thijs Alkemade infosec.exchange/xnyhps
Daan Keuper daankeuper
Working for Computest in The Netherlands

Pwn2Own Automotive
Pwn2Own Automotive
First time January 2024 in Tokyo
In scope:
Tesla
Infotainment systems
Automotive operating systems
EV chargers

EV chargers
Level 2 chargers
Targeted at the home market
All of them come with these features:
Connectivity (WiFi/Ethernet)
Scheduling
Usage monitoring

EV chargers
Initially, we thought chargers would be well secured:
New product category
Limited communication interfaces
Safety regulations

Smart EV Charging Station with WiFi
JuiceBox 40

JuiceBox 40
BLE (provisioning)
WiFi

JuiceBox 40
Based on the Zentri IoT platform
AMW006 or WGM160P module
Both are ARM Cortex-M4 based MCUs
Gecko OS 4.2.7(?)
There is an admin interface, with some commands?
Accessible in setup mode over HTTP
And accessible during standard operation over port 2000, telnet style!
No authentication

Zentri DMS
Managed IoT platform
Specific hardware modules, providing:
Update management
Device identification and authn,z
Core OS + SDK bindings for app development
Extensive API

Zentri DMS
JuiceBox runs on an RTOS called "Gecko OS"
Note: this OS is EOL!
Firmware blobs are downloadable!
We could investigate these before the device arrived

JuiceBox 40 (CVE-2024-23938)
Gecko OS logs messages when certain events occur
It is possible to change the format of these messages using a set variable command
Limited to 32 characters per message template including a terminating NULL byte
Support for different formatting tags per event type

JuiceBox 40 (CVE-2024-23938)
char scratch_buffer132;c

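Based on the highlighted content, the document mainly discusses research on hacking nearby EV chargers over Bluetooth. The key points are:

1. **Research background**: The researchers found that EV chargers have security vulnerabilities that can be attacked over Bluetooth.
2. **Target devices**: Mainly Level 2 chargers for the home market, such as the JuiceBox 40 and the Autel MaxiCharger.
3. **Exploitation**: The vulnerabilities allow arbitrary code execution, for example modifying charging settings or gaining LAN access.
4. **Attack vectors**: Exploiting the chargers' insecure configuration, weak passwords, firmware vulnerabilities, and so on.
5. **Impact**: May lead to charger damage, energy fraud, grid disruption, and so on.
6. **Research methods**: Including network analysis, firmware analysis, and hardware reverse engineering.
7. **Recommendations**: Strengthen hardware security research and pay attention to device configuration and firmware updates.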