Degree Type

Creative Component

Semester of Graduation

Spring 2019

Department

Electrical and Computer Engineering

First Major Professor

Lotfi Ben-Othmane

Second Major Professor

Doug Jacobson

Degree(s)

Master of Science (MS)

Major(s)

Computer Engineering

Abstract

The Arada Locomate On-Board Unit is a vehicle-to-vehicle communication device that supports the WAVE protocol, the standard for vehicle-to-vehicle communication. Successful attacks on the device could be used to control the behavior of the connected vehicle. This creative component assesses the security of the device and discusses the vulnerabilities of the applications installed on it. It reports the results of our attempts to exploit the known vulnerabilities of Dropbear ssh, Busybox telnet, and the Linux kernel, which are installed on the device, and discusses how to obtain the private keys of the device to use them for attacks. In addition, it describes our investigation into whether an exploitable buffer overflow exists in the usbd program, which accepts messages through port 6666 (IRC port). The results are: the exploitation of Dropbear ssh and Busybox telnet failed; the exploitation of the vmsplice vulnerability in the Linux kernel required adapting the exploit to the MIPS architecture; and there is no exploitable buffer overflow in usbd. However, the private keys of the device are easily accessible, and the user password of the device could be changed without authentication. The current results are not that useful for staging attacks, but further work, e.g., developing an exploit for the vmsplice vulnerability on MIPS Linux, may lead to exploiting the device and using it to inject messages into the connected vehicle.

Copyright Owner

Veeraraghava Ramanni Janaarthanan, Sudharrshan

File Format

PDF
