This One Time on a Pen Test: How I Hacked a Self-Driving Car

Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part of an ongoing series featuring testimonials of what goes on beneath the hoodie. For more insights, check out our 2020 Under the Hoodie report.


An organization hired us to perform a penetration test on a self-driving car—as it turns out, there are several self-driving projects available on the market today, so we were tasked with assessing the attack surface of the vehicle to enumerate vulnerabilities that could lead to remote control of the vehicle. This included testing a somewhat broad scope of the vehicle, including its CAN Bus and TCP/IP networking.


I was responsible for testing the TCP/IP portion of the assessment. Throughout testing, we followed a similar methodology to an internal penetration test. We connected to the network using an Ethernet cable, scanned the vehicle’s Local Area Network to identify live hosts, port scanned to fingerprint services, etc.


While scanning, we found that anonymous FTP was enabled on a couple of the hosts. Upon further inspection, we learned that it allowed Read and Write with Root permissions to the Root directory of its Linux operating system. We uploaded our own private key to the system using the anonymous login and found that we could then SSH in. Turns out the hosts were part of the radar controller unit. This system failing while the vehicle was in motion could lead to the car crashing.
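
The exposure described above comes down to a handful of FTP server settings. As an added example (not from the original post or from Rapid7), the following audits a configuration file for them; it assumes the daemon is vsftpd, which the post does not state, and both sample configurations are constructed.

```python
# Assumption: the FTP daemon is vsftpd (the post does not name it).
# Option names are real vsftpd.conf settings; both configs are constructed.
WEAK = """\
# constructed sample: mirrors the exposure described in the post
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_other_write_enable=YES
anon_root=/
ftp_username=root
"""

HARDENED = """\
# constructed sample: anonymous access off, local users chrooted
anonymous_enable=NO
write_enable=NO
chroot_local_user=YES
"""

ANON_WRITE = ("anon_upload_enable", "anon_mkdir_write_enable",
              "anon_other_write_enable")

def parse_conf(text):
    """Return {option: value} from key=value lines, skipping comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip().lower()] = value.strip()
    return opts

def audit(text):
    """List findings for anonymous access, write rights and root exposure."""
    opts = parse_conf(text)
    yes = lambda key, default: opts.get(key, default).upper() == "YES"
    # A missing anonymous_enable is treated as enabled (conservative choice).
    if not yes("anonymous_enable", "YES"):
        return []
    findings = ["anonymous-login"]
    if yes("write_enable", "NO"):
        findings += ["anonymous-write:" + k for k in ANON_WRITE if yes(k, "NO")]
    if opts.get("anon_root") == "/":
        findings.append("anon-root-is-filesystem-root")
    if opts.get("ftp_username", "ftp") == "root":
        findings.append("anonymous-mapped-to-root")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf) or "no findings")
```

Any finding beyond `anonymous-login` means an unauthenticated client can change files on the host, which is the condition that made the SSH access in the post possible.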


Continuing our testing, we also found that the system had several instances of Docker listening. The D ..
