The Key to Remote Vehicle Control: Autonomous Driving Domain Controller

Explore attack vectors and security weaknesses in modern ADAS controllers, including T-box vulnerabilities, firmware manipulation, and CAN bus exploitation in autonomous vehicles.

Key takeaways
  • Modern ADAS (Advanced Driver Assistance Systems) controllers are becoming central points for vehicle control, connecting to multiple vehicle systems through CAN buses and Ethernet

  • Key attack vectors include:

    • T-box vulnerabilities
    • UFS/EMSE storage access
    • Unsecured SSH interfaces
    • MCU firmware manipulation
    • Model file leakage
  • Common ADAS computing platforms:

    • Horizon X (254 TOPS)
    • TI TDA4VM
    • Mobile S solutions
    • Qualcomm solutions
  • Vehicle control can be achieved through:

    • Exploiting CAN bus connections
    • Accessing power chain and chassis systems
    • Manipulating sensor signals
    • Controlling domain controllers
  • Security weaknesses identified:

    • Default/weak passwords
    • Unprotected debug ports (DAP)
    • Lack of secure boot
    • Insufficient storage encryption
    • Exposed model files
  • Critical components for research:

    • Vehicle Ethernet adapters
    • Storage dumping tools
    • Circuit analysis equipment
    • Model analysis frameworks
  • Future trends point to:

    • Increased computing power (1000+ TOPS)
    • More integrated domain controllers
    • Enhanced connectivity between systems
    • Full autonomous capabilities
  • Recommended security improvements:

    • Implement secure boot
    • Strengthen authentication
    • Protect storage systems
    • Secure debug interfaces
    • Encrypt model files