Security risks of diagnostic dongles in your car: small devices that put your car at risk. 🚘🛠️🔌👨🏻💻☣️
Security researchers Roberto Gesteira-Miñarro, Ignacio Gutiérrez, Rafael Palacios, and Gregorio López share their project: an offensive cybersecurity toolkit and test platform designed to analyze and exploit vulnerabilities in OBD-II dongles.
OBD-II dongles are small devices plugged into a car’s diagnostic port that often communicate via Bluetooth or Wi-Fi. They are used not only by DIY enthusiasts in home garages, but also by rental car agencies, taxi companies, and commercial fleets to remotely monitor vehicles.
The authors tested multiple commercial OBD dongles and found that even recent firmware versions once again allow CAN message injection. Final verdict: OBD dongles significantly expand a vehicle’s attack surface.
You’ll find several interesting details inside, especially if you work in automotive cybersecurity. If you have colleagues in this field, please feel free to share it with them as well.
Stay safe!
More details:
pwnobd: Offensive Cybersecurity Toolkit for Vulnerability Analysis and Penetration Testing of OBD-II Devices [PDF]: https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=11082116
pwnobd [GitHub]: https://github.com/Nnubes256/pwnobd


