Finding vulnerabilities in in-vehicle infotainment (IVI) systems: eleven attacks on AGL
Security researchers Yeonjae Kang and Huy Kang Kim share their methodology for finding vulnerabilities in IVI systems (the ones with the biggest screens in most modern cars), especially those built with Automotive Grade Linux (AGL).
The authors map the 11 attacks they identified to the MITRE ATT&CK framework and perform tests on an AGL-based test bench.
One of the attacks lets an attacker reroute the car to a destination of their choice while you're already driving - without installing malware or exploiting a zero-day. It works simply by abusing unauthenticated APIs already built into the IVI system.
Super interesting - especially when you consider that AGL is a very popular OS for modern cars. So please share it with colleagues who work in the automotive industry.
More details:
Threat Analysis and Detection in In-Vehicle Infotainment System Leveraging MITRE ATT&CK
Slides [PDF]: https://www.usenix.org/sites/default/files/conference/protected-files/vehiclesec25_slides_kang.pdf
Paper [PDF]: https://www.usenix.org/system/files/vehiclesec25-kang.pdf


