Last updated at Wed, 13 Dec 2023 23:37:11 GMT

An organization hired us to perform a penetration test on a self-driving car—as it turns out, there are several self-driving projects available on the market today, so we were tasked with assessing the attack surface of the vehicle to enumerate vulnerabilities that could lead to remote control of the vehicle. This included testing a somewhat broad scope of the vehicle, including its CAN Bus and TCP/IP networking.

I was responsible for testing the TCP/IP portion of the assessment. Through testing, we followed a similar methodology to an internal penetration test. We connected to the network using an ethernet cable, scanned the vehicle's Local Area Network to identify live hosts, port scanned to fingerprint services, etc.

While scanning, we found that anonymous FTP was enabled on a couple of the hosts. Upon further inspection, we learned that it allowed read and write access with root permissions to the root directory of its Linux operating system. We uploaded our own private key to the system using the anonymous login and found that we could then SSH in. It turned out the hosts were part of the radar controller unit. This system failing while the vehicle was in motion could lead to the car crashing.

Continuing our testing, we also found that the system had several instances of Docker listening. The Docker interfaces were bound to the hosts' external TCP/IP interface. Insecure Docker images are pretty common on corporate networks, and sure enough, this proved to be the case with the car! Not only was the service bound to the hosts' external interface, it was also not configured with authentication. This led to us accessing the Docker host as well as the Docker images with root privileges. As it turned out, these systems were the controllers for the Autonomous Vehicle System, the device that stored proprietary software for how the vehicle leverages its Artificial Intelligence and Machine Learning algorithms.
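Both findings above (anonymous FTP with write access to the filesystem root, and a Docker API bound to an external interface with no authentication) are configuration mistakes that can be caught before a tester finds them. The following audit script is an added example and is not code from the original post or from the vehicle project; it assumes a vsftpd-style key=value FTP configuration (the post does not name the FTP daemon) and a standard Docker `daemon.json`, and the sample configurations are constructed here for illustration, including the hypothetical management address 10.0.0.5 in the hardened Docker example.

```python
"""Audit two misconfigurations from the post: writable anonymous FTP and an
unauthenticated Docker API exposed over TCP. Added example; the sample
configurations below are constructed, not taken from the assessed vehicle."""
import json

# Constructed vsftpd-style configuration: anonymous login with write access
# to the filesystem root (assumes vsftpd directive names).
SAMPLE_VSFTPD_CONF = """\
listen=YES
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_root=/
"""

# Constructed Docker daemon.json: API on all interfaces with no TLS.
SAMPLE_DAEMON_JSON_WEAK = """\
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
}
"""

# Constructed hardened daemon.json: bound to a hypothetical management
# address and requiring client certificates (tlsverify).
SAMPLE_DAEMON_JSON_HARDENED = """\
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}
"""


def parse_vsftpd(text):
    """Parse key=value lines into a dict; blank lines and # comments are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            conf[key.strip()] = value.strip()
    return conf


def _yes(conf, key):
    """vsftpd booleans are YES/NO strings; anything unset counts as NO."""
    return conf.get(key, "NO").upper() == "YES"


def audit_vsftpd(text):
    """Return findings for anonymous FTP exposure, in order of discovery."""
    conf = parse_vsftpd(text)
    findings = []
    if not _yes(conf, "anonymous_enable"):
        return findings
    findings.append("anonymous FTP login enabled")
    # Anonymous uploads or mkdir only take effect when write_enable is also YES.
    anon_write = _yes(conf, "anon_upload_enable") or _yes(conf, "anon_mkdir_write_enable")
    if _yes(conf, "write_enable") and anon_write:
        findings.append("anonymous users can write to the FTP tree")
    if conf.get("anon_root", "") == "/":
        findings.append("anonymous root is the filesystem root (/)")
    return findings


def audit_docker_daemon(text):
    """Return findings for a Docker daemon.json that exposes the API over TCP."""
    cfg = json.loads(text)
    findings = []
    tcp_hosts = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    if not tcp_hosts:
        return findings  # unix socket only: not reachable from the network
    for h in tcp_hosts:
        bind_host = h[len("tcp://"):].rsplit(":", 1)[0]
        if bind_host in ("", "0.0.0.0", "::", "[::]"):
            findings.append(f"Docker API listens on all interfaces ({h})")
    # Without tlsverify the daemon accepts any TCP client: equivalent to root.
    if not cfg.get("tlsverify", False):
        findings.append("Docker API over TCP without TLS client verification (unauthenticated)")
    return findings


if __name__ == "__main__":
    for label, result in [
        ("vsftpd", audit_vsftpd(SAMPLE_VSFTPD_CONF)),
        ("docker (weak)", audit_docker_daemon(SAMPLE_DAEMON_JSON_WEAK)),
        ("docker (hardened)", audit_docker_daemon(SAMPLE_DAEMON_JSON_HARDENED)),
    ]:
        print(f"{label}: {result or 'no findings'}")
```

The Docker check treats a TCP listener without `tlsverify` as unauthenticated regardless of bind address, because anyone who can reach the socket can start a privileged container; the hardened sample passes only because it both binds to a specific address and requires client certificates.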

Interested in learning more about how Rapid7 pen testers conduct their assessments? Check back every week for a new story in the series.
