Radu Motspan | Senior Security Researcher, PCAutomotive
Mikhail Evdokimov | Senior Security Researcher, PCAutomotive
Polina Smirnova | Senior Security Researcher, PCAutomotive

Date: Friday, April 4 | 3:20pm-4:00pm ( Orchid Junior Ballroom 4211/4311)
Format: 40-Minute Briefings
Tracks: Hardware / Embedded, Reverse Engineering

Today's vehicles are evolving rapidly, with a rising number of electric models and an expanding array of digital technologies, such as onboard Wi-Fi, Bluetooth, and USB connectivity. These advancements are making cars increasingly connected and technologically complex. However, most vehicles still have largely proprietary internal systems, which, coupled with the critical importance of automotive safety, makes them a significant area of focus for security research.

This talk explores our successful remote compromise of a 2020 Nissan Leaf, demonstrating how vulnerabilities in the vehicle's connected systems can be exploited to gain control over critical body functions. Our approach began by exploiting weaknesses in Bluetooth to infiltrate the internal network, followed by bypassing the secure boot process to escalate access. Establishing a Command and Control (C2) channel over DNS allowed us to maintain a covert, persistent link with the vehicle, enabling full remote control. By compromising an independent communication CPU, we could interface directly with the CAN bus, which governs critical body elements, including mirrors, wipers, door locks, and even the steering.

Given the serious safety implications, discussing these vulnerabilities is essential for advancing vehicle cybersecurity. In this session, we'll share technical insights into each stage of the compromise—from initial access and command execution to bypassing gateway filters. Our findings underscore the urgent need for improved protections in connected vehicles to safeguard against remote exploitation.