
E-Trojans: Xiaomi E-Scooters Face Ransomware, Tracking, Denial-of-Service and Data-Leak Threats (.pdf)

Uploaded by: 竿*** | ID: 981944 | 2025-11-29 | 38 pages | 2.81 MB

Preview of the slide text (Black Hat USA, #BHUSA @BlackHatEvents):

Slide 1: E-Trojans: Ransomware, Tracking, DoS, and Data Leaks on Battery-powered Embedded Systems. M. Casagrande (KTH), D. Antonioli (EURECOM).

Slide 2: Marco Casagrande. Postdoc at KTH (Sweden), Prof. Papadimitratos, Networked Systems Security (NSS) group. PhD at EURECOM (France), Dec 2024, Prof. Antonioli. Research in security and privacy: proprietary protocols (fitness trackers, e-scooters, ...), standard protocols (BLE, Wi-Fi, NFC, FIDO2, ...), mobile (Android, ...).

Slide 3: Daniele Antonioli. Professor at EURECOM (France), Software and System Security (S3) group. Research in security and privacy: Bluetooth (BLUFFS, BLURtooth, BIAS, KNOB, ...), e-scooters (E-Spoofer, E-Trojans, ...), FIDO2 (CTRAPS, ...), web tracking (FP-tracer, ...). More at https://francozappa.github.io

Slide 4: Acknowledgments. Co-authors from University of Padova (UniPD): Riccardo Cestaro, Prof. Eleonora Losiouk, Prof. Mauro Conti.

Slide 5: E-Trojans Talk Outline. Introduction; Vulnerabilities and Attacks; Overvoltage Battery Destruction; Undervoltage Battery Ransomware; RE, Toolkit, and Evaluation; Countermeasure and Disclosure.

Slide 6: Introduction.

Slide 7: E-Scooter Ecosystem. E-scooter, e-scooter mobile app, e-scooter backend. Proprietary protocol over BLE between scooter and app; standard TLS between app and backend.

Slide 8: Xiaomi E-Scooter Ecosystem. Xiaomi is an e-scooter market leader (personal and rental e-scooters, including M365 and Mi 3). The Mi Home mobile app manages the e-scooter (password lock, firmware update, ...). The e-scooter can be remotely attacked to compromise security, privacy, and safety.

Slide 9: "Don't Give Me a Brake", Zimperium 2019 [ref]. Attacker remotely locks a Xiaomi M365 e-scooter via a custom wireless message.

Slide 10: Our Xiaomi E-Spoofer Attacks, 2023 [ref].

Slide 11: Our Xiaomi E-Trojans Attacks, 2023 [ref].

Slide 12: Xiaomi E-Sco

Based on the report's content, the document mainly discusses E-Trojans, malicious software aimed at e-scooters that can carry out remote attacks over the Bluetooth and UART interfaces. The key points are:

1. **Targets**: E-Trojans mainly target the Xiaomi M365 and Mi 3 e-scooter models.
2. **Attacks**: Overvoltage Battery Destruction (OBD), Undervoltage Battery Ransomware (UBR), user tracking, denial-of-service attacks, and password leakage.
3. **Vulnerabilities**: unencrypted BCTRL firmware, unsigned BCTRL firmware, lack of UART integrity, encryption and authentication, and lack of DoS protection.
4. **Impact**: possible battery damage, overheating, swelling, fire, or even explosion.
5. **Countermeasures**: the report recommends encrypting the firmware, verifying signatures, protecting the UART bus, and implementing rate limiting.
6. **Xiaomi's response**: Xiaomi is aware of these vulnerabilities and has adopted enhanced security measures in later models.