DriveThru Car Hacking: Fast Food, Faster Data Breach

In-car dash cameras (dashcams) have become quintessential to our daily lives, supported by guidelines and regulations from insurance companies as part of insurance reduction or substantiating claims during an accident. However, this can be a double-edged sword without proper security measures, potentially compromising privacy and increasing susceptibility to identity theft.

In this talk, we present our findings on hacking over two dozen leading dashcam models and provide a step-by-step approach to conducting an automated drive-through compromise on dashcams, resulting in major privacy breach within a few minutes. We will present a novel attack vector, DriveThru Hacking, and a tool that automates the process of Wi-Fi discovery, hacking, data exfiltration, LLM summarisation and insights generation, focusing on a vendor-agnostic attack and performance.

A live test of the tool will be conducted, highlighting each point of failure and the reconnaissance data gathered from sample dashcam footage – in this demo, you will see how much information can be gleaned, from private conversations to daily routes, and the alarming speed at which compromise can unfold.

Finally, we conclude with countermeasures to these attacks and precautionary practices we should adopt in the increasingly-connected world we live in today.

By:
Alina Tan | Co-founder, HE&T Security Labs
George Chen | Head of CloudSec and AppSec, Global Tech Company
Chee Peng Tan | Lead Cybersecurity Analyst, Global Tech Company
Ri-Sheng Tan | Incident Response Lead, Global Tech Company
Penelope Chua | Cybersecurity Analyst, Global Tech Company
Benjamin Cao | Incident Response Lead, Global Tech Company

Full Abstract and Presentation Materials:
https://www.blackhat.com/asia-25/briefings/schedule/#drivethru-car-hacking-fast-food-faster-data-breach-43514Black HatRead More