SecTor 2025 | DriveThru Hacking: Now with Delivery

In-car dash cameras (dashcams) are now standard in modern vehicles, often encouraged by insurers to support claims. But without strong security, they pose a serious privacy and attack risk.

This talk introduces the latest iteration of DriveThru Hacking, targeting over two dozen dashcam models via an automated, vendor-agnostic tool that extracts footage, GPS data, and conversations in minutes. A new online service enables controlled testing via license-based red (attack) and blue (defense) modes. Blue deploys hardening and a lightweight IPS to block known threats.

We will also explore SIM-enabled dashcams with 4G, where attackers escalate privileges from local access and establish outbound C2 beacons – turning mobile dashcams into roaming footholds. Unlike IoT devices locked to a home, these are exposed everywhere the vehicle goes.

We will close with practical countermeasures for manufacturers, defenders, and regulators navigating an increasingly connected automotive world.

By:
George Chen | Security Architect,
Alina Tan | Co-founder, HE&T Security Labs
Chee Peng Tan | Lead Cybersecurity Analyst
Benjamin Cao | Incident Response Lead

Presentation Materials Available at:
https://blackhat.com/sector/2025/briefings/schedule/?#drivethru-hacking-now-with-delivery-47398Black HatRead More