Upcoming events

Stay up to date with the latest PCA Cyber Security events, explore our webinars, and study our expert research. We highlight the most important and valuable trends in the automotive security industry.

Black Hat Asia 2025 – Singapore (April 1-4, 2025)

PCA Cyber Security is proud to sponsor Black Hat Asia 2025, returning to Marina Bay Sands, Singapore, for four days of cutting-edge cybersecurity training, expert briefings, and industry networking.

Visit us at Booth #513 to connect with our team and explore our latest security solutions.

Don’t miss our briefing!
April 4 | 3:20 PM
Orchid Junior Ballroom 4211/4311
Remote Exploitation of Nissan Leaf: Controlling Critical Body Elements from the Internet
Speakers: Radu Motspan, Mikhail Evdokimov, Polina Smirnova

Join us as we dive into the latest automotive cybersecurity research and real-world attack scenarios.

Agenda

Remote Exploitation of Nissan Leaf: Controlling Critical Body Elements from the Internet

Radu Motspan | Senior Security Researcher, PCAutomotive
Mikhail Evdokimov | Senior Security Researcher, PCAutomotive
Polina Smirnova | Senior Security Researcher, PCAutomotive

Date: Friday, April 4 | 3:20pm-4:00pm (Orchid Junior Ballroom 4211/4311)
Format: 40-Minute Briefings
Tracks: Hardware / Embedded, Reverse Engineering

Today's vehicles are evolving rapidly, with a rising number of electric models and an expanding array of digital technologies, such as onboard Wi-Fi, Bluetooth, and USB connectivity. These advancements are making cars increasingly connected and technologically complex. However, most vehicles still have largely proprietary internal systems, which, coupled with the critical importance of automotive safety, makes them a significant area of focus for security research.

This talk explores our successful remote compromise of a 2020 Nissan Leaf, demonstrating how vulnerabilities in the vehicle's connected systems can be exploited to gain control over critical body functions. Our approach began by exploiting weaknesses in Bluetooth to infiltrate the internal network, followed by bypassing the secure boot process to escalate access. Establishing a Command and Control (C2) channel over DNS allowed us to maintain a covert, persistent link with the vehicle, enabling full remote control. By compromising an independent communication CPU, we could interface directly with the CAN bus, which governs critical body elements, including mirrors, wipers, door locks, and even the steering.

Given the serious safety implications, discussing these vulnerabilities is essential for advancing vehicle cybersecurity. In this session, we'll share technical insights into each stage of the compromise—from initial access and command execution to bypassing gateway filters. Our findings underscore the urgent need for improved protections in connected vehicles to safeguard against remote exploitation.

DURATION: 40:00

Get to know our speakers

Radu Motspan

Senior Security Researcher

Polina Smirnova

Senior Security Researcher

Mikhail Evdokimov

Senior Security Researcher