BEGIN:VCALENDAR VERSION:2.0 PRODID:Data::ICal 0.24 BEGIN:VEVENT DESCRIPTION: 'Title: Inside Dash Cam: Custom Protocols and Discovered 0-d ays\n When: Friday\, Aug 9\, 17:30 - 17:59 PDT\n Where: LVCC West/Floo r 1/Hall 3/Creator Stage 2 - [1]Map\n\n Description:\n\n In recent yea rs\, the use of dash cams has surged\, making them an\n essential compon ent of modern vehicles. To enhance user convenience\,\n many dash cams a re now equipped with network connectivity. This growth\n in the dash cam market has heightened the importance of vehicle and\n personal data sec urity. However\, network-connected dash cams pose\n potential security r isks to their availability and key\n functionalities. In this presentati on\, we will comprehensively analyze\n dash cams from various countries\ , including South Korea\, the USA\,\n Germany\, and China\, as well as b uilt-in dash cams. During our\n analysis\, we discovered numerous zero-d ay vulnerabilities (such as OS\n Command Injection\, Logical Bugs\, and insufficient authentication) that\n pose significant security threats. V ulnerabilities were primarily\n found during the dash cam boot process\, configuration changes\, and\n communications via custom protocols.\n\n We will detail the dash cam analysis process in the following\n sequen ce: - [Analysis Process] - Acquiring firmware through official\n website s or apps - Extracting the file system to analyze the initial\n boot log ic - Analyzing the boot logic to identify vulnerabilities or\n debugging ports to gain shell access - Utilizing the obtained shell\n for remote debugging of the main system\n\n Interestingly\, our analysis of 10 diff erent dash cams revealed that 4\n devices used the same OEM board from a common manufacturer. These 4\n devices shared similar vulnerabilities\, and exploiting a vulnerability\n found in one device allowed us to succ essfully exploit all of them.\n Our research uncovered common security v ulnerabilities across multiple\n dash cams\, and we will discuss measure s to prevent these\n vulnerabilities. We will particularly focus on anal yzing the custom\n protocols used by dash cams and the security risks as sociated with\n them. This presentation aims to raise awareness of poten tial security\n threats in dash cams and encourage manufacturers to prod uce more\n secure products. We hope to drive industry standards and best \n practices to ensure the safety and security of these increasingly\n critical devices. By sharing our findings\, we aim to highlight the\n i mportance of dash cam security and provide insights that can lead to\n m ore secure designs and implementations.\n\n Speakers:Hyo Jin Lee\,Hanrye ol Park\n\n SpeakerBio: Hyo Jin Lee\, Senior Researcher\, R&D Team at Z IEN\n\n Senior Researcher HYOJIN LEE\, R&D Team\, IoT Security Company Z IEN\n\n * Helped hundreds of companies fix security vulnerabilities\,\ n including LG\, EY\, Korea Investment & Securities\, KOREA ELECTRON ICS\n ASSOCIATION\, etc\n\n * Operated booth and presented at th e Korea Security Conference\n SECON (2024)\n\n * Operated booth at RSAC (2024)\n\n * First place in the Korea Home IoT Challenge (Cybe r Security\n Challenge 2022)\n\n * Fourth place in the Korea Sma rt City Challenge (Cyber Security\n Challenge 2023)\n\n * Recipi ent of the "Excellence in Cybersecurity Award" from the\n Ministry o f SMEs and Startups (MSS) at the Korea Security\n Conference WACON 2 023\n\n * Holder of five Korean patents\, including one related to IoT \n collection modules.\n\n SpeakerBio: Hanryeol Park\, Senior Res earcher at ZIEN Lab\n No BIO available\n '\n\n 1. #LVCCW_Level1_Hall 3\n\n\n DTEND:20240810T005900Z DTSTART:20240810T003000Z LOCATION:IOTV - LVCC West/Floor 1/Hall 3/Creator Stage 2 SUMMARY:Inside Dash Cam: Custom Protocols and Discovered 0-days END:VEVENT END:VCALENDAR