Semester of Graduation
Electrical and Computer Engineering
First Major Professor
Second Major Professor
Master of Science (MS)
Arada Locomate On-Board Unit is a vehicle-to-vehicle communication device that supports the WAVE protocol, which is the standard for vehicle to vehicle communication. Successful attacks on the device could be used to control the behavior of the connected vehicle. This creative component assesses the security of the device and discusses the vulnerabilities of the applications installed on the device. It reports about our results to exploit the known vulnerabilities of Dropbear ssh, Busybox telnet, and the Linux kernel, which are installed on the device and discusses how to obtain the private keys of the device to use them for attacks. In addition, it describes our investigation of the existence of exploitable buer over ow in the usbd program, which accepts messages through port 6666 (IRC port). The results are: the exploitation of Dropbear ssh, Busybox telnet failed, the exploitation of the vmsplice vulnerability in the Linux kernel required adapting the exploit to the MIPS architecture, there is no exploitable buer over ow in the usbd; however, the private keys of the device are easily accessible and the user password of the device could be changed without authentication. The current results are not that useful to stage attacks but further work may lead to exploit the device and use it to inject messages to the connected vehicle, e.g., develop an exploit for vmsplice vulnerability for MIPS Linux.
Veeraraghava Ramanni Janaarthanan, Sudharrshan
Veeraraghava, Ramanni J, "Security Analysis of Vehicle to Vehicle Arada Locomate On Board Unit" (2019). Creative Components. 271.