How a vuln in dealer software could've unlocked your car

Eaton Zveare, Roshan Piyush

DEF CON 33 · Day 2 · Main Stage

Eaton Zveare presents research he titles "Unexpected Connections" — a vulnerability in obscure automotive dealer management software that cascaded into full administrative control of an entire automot

AI review

Auth/authz flaw in obscure automotive dealer management software cascades to platform-admin over 1,000+ dealerships, vehicle remote commands (including unlock), customer PII, and telematics access via transitive trust exploitation. The disclosed portion is ~25% of what was possible.
