Tencent Security Conference (TenSec) is an international cybersecurity summit launched by Tencent Security, hosted by Tencent Keen Security Lab and Tencent Security Platform Department, and co-organized by Tencent Security Academy. This article has been indexed from Keen Security Lab Blog…
Category: Keen Security Lab Blog
Exploiting Wi-Fi Stack on Tesla Model S
In the past two years, Keen Security Lab did in-depth research on the security of Tesla Cars and presented our research results on Black Hat 2017 and Black Hat 2018. Our research involves many in-vehicle components. We demonstrated how to…
Tencent Keen Security Lab joins GENIVI Alliance
Tencent Keen Security Lab (Keen Lab) has joined the GENIVI Alliance, a non-profit alliance focused on delivering open source, in-vehicle infotainment (IVI) and connected vehicle software. This article has been indexed from Keen Security Lab Blog Read the original article:…
Tencent Keen Security Lab: Experimental Security Assessment on Lexus Cars
Since 2017, Lexus has equipped several models (including Lexus NX, LS and ES series) with a new generation infotainment, which is also known as AVN (Audio, Visual and Navigation) unit. Compared to some Intelligent connected infotainment units, like Tesla IVI…
Tencent Security Keen Lab: Experimental Security Assessment of Mercedes-Benz Cars
MBUX, Mercedes-Benz User Experience is the infotainment system in Mercedes-Benz cockpits. Mercedes-Benz first introduced MBUX in the new A-Class back in 2018, and is adopting MBUX in their entire vehicle line-up, including Mercedes-Benz E-Class, GLE, GLS, EQC, etc. In this…
TenSec 2019
Tencent Security Conference (TenSec) is an international cybersecurity summit launched by Tencent Security, hosted by Tencent Keen Security Lab and Tencent Security Platform Department, and co-organized by Tencent Security Academy. This article has been indexed from Keen Security Lab Blog…
Exploiting Wi-Fi Stack on Tesla Model S
In the past two years, Keen Security Lab did in-depth research on the security of Tesla Cars and presented our research results on Black Hat 2017 and Black Hat 2018. Our research involves many in-vehicle components. We demonstrated how to…
Tencent Keen Security Lab joins GENIVI Alliance
Tencent Keen Security Lab (Keen Lab) has joined the GENIVI Alliance, a non-profit alliance focused on delivering open source, in-vehicle infotainment (IVI) and connected vehicle software. This article has been indexed from Keen Security Lab Blog Read the original article:…
Tencent Keen Security Lab: Experimental Security Assessment on Lexus Cars
Since 2017, Lexus has equipped several models (including Lexus NX, LS and ES series) with a new generation infotainment, which is also known as AVN (Audio, Visual and Navigation) unit. Compared to some Intelligent connected infotainment units, like Tesla IVI…
Tencent Security Keen Lab: Experimental Security Assessment of Mercedes-Benz Cars
MBUX, Mercedes-Benz User Experience is the infotainment system in Mercedes-Benz cockpits. Mercedes-Benz first introduced MBUX in the new A-Class back in 2018, and is adopting MBUX in their entire vehicle line-up, including Mercedes-Benz E-Class, GLE, GLS, EQC, etc. In this…
TenSec 2019
Tencent Security Conference (TenSec) is an international cybersecurity summit launched by Tencent Security, hosted by Tencent Keen Security Lab and Tencent Security Platform Department, and co-organized by Tencent Security Academy. Over the last three years, we have invited the top…
Tencent Keen Security Lab joins GENIVI Alliance
Tencent Keen Security Lab (Keen Lab) has joined the GENIVI Alliance, a non-profit alliance focused on delivering open source, in-vehicle infotainment (IVI) and connected vehicle software. About GENIVI The GENIVI Alliance[1] develops standard approaches for integrating operating systems and middleware…
Tencent Security Keen Lab: Experimental Security Assessment of Mercedes-Benz Cars
MBUX, Mercedes-Benz User Experience is the infotainment system in Mercedes-Benz cockpits. Mercedes-Benz first introduced MBUX in the new A-Class back in 2018, and is adopting MBUX in their entire vehicle line-up, including Mercedes-Benz E-Class, GLE, GLS, EQC, etc. In this…
TenSec 2019
Tencent Security Conference (TenSec) is an international cybersecurity summit launched by Tencent Security, hosted by Tencent Keen Security Lab and Tencent Security Platform Department, and co-organized by Tencent Security Academy. This article has been indexed from Keen Security Lab Blog…
Exploiting Wi-Fi Stack on Tesla Model S
In the past two years, Keen Security Lab did in-depth research on the security of Tesla Cars and presented our research results on Black Hat 2017 and Black Hat 2018. Our research involves many in-vehicle components. We demonstrated how to…
Tencent Keen Security Lab joins GENIVI Alliance
Tencent Keen Security Lab (Keen Lab) has joined the GENIVI Alliance, a non-profit alliance focused on delivering open source, in-vehicle infotainment (IVI) and connected vehicle software. This article has been indexed from Keen Security Lab Blog Read the original article:…
Tencent Keen Security Lab: Experimental Security Assessment on Lexus Cars
Since 2017, Lexus has equipped several models (including Lexus NX, LS and ES series) with a new generation infotainment, which is also known as AVN (Audio, Visual and Navigation) unit. Compared to some Intelligent connected infotainment units, like Tesla IVI…
Tencent Security Keen Lab: Experimental Security Assessment of Mercedes-Benz Cars
MBUX, Mercedes-Benz User Experience is the infotainment system in Mercedes-Benz cockpits. Mercedes-Benz first introduced MBUX in the new A-Class back in 2018, and is adopting MBUX in their entire vehicle line-up, including Mercedes-Benz E-Class, GLE, GLS, EQC, etc. In this…
TenSec 2019
Tencent Security Conference (TenSec) is an international cybersecurity summit launched by Tencent Security, hosted by Tencent Keen Security Lab and Tencent Security Platform Department, and co-organized by Tencent Security Academy. Over the last three years, we have invited the top…
Exploiting Wi-Fi Stack on Tesla Model S
In the past two years, Keen Security Lab did in-depth research on the security of Tesla Cars and presented our research results on Black Hat 2017 and Black Hat 2018. Our research involves many in-vehicle components. We demonstrated how to…
Tencent Keen Security Lab joins GENIVI Alliance
Tencent Keen Security Lab (Keen Lab) has joined the GENIVI Alliance, a non-profit alliance focused on delivering open source, in-vehicle infotainment (IVI) and connected vehicle software. About GENIVI The GENIVI Alliance[1] develops standard approaches for integrating operating systems and middleware…
Tencent Keen Security Lab: Experimental Security Assessment on Lexus Cars
Since 2017, Lexus has equipped several models (including Lexus NX, LS and ES series) with a new generation infotainment, which is also known as AVN (Audio, Visual and Navigation) unit. Compared to some Intelligent connected infotainment units, like Tesla IVI…
Tencent Security Keen Lab: Experimental Security Assessment of Mercedes-Benz Cars
MBUX, Mercedes-Benz User Experience is the infotainment system in Mercedes-Benz cockpits. Mercedes-Benz first introduced MBUX in the new A-Class back in 2018, and is adopting MBUX in their entire vehicle line-up, including Mercedes-Benz E-Class, GLE, GLS, EQC, etc. In this…
Vulnerability Research is a Journey: CVEs Found by KeenLab
Partly estimated, until May 2016, KeenLab has totally found 152 critical vulnerabilities with CVE IDs, ranging from mainstream OS to browsers and applications Among those vulnerabilities we discovered, 13 was used directly in our 8 Pwn2Own winner categories in the…
Emerging Defense in Android Kernel
There was a time that every Linux kernel hacker loves Android. It comes with a kernel from stone-age with merely any exploit mitigation. Writing exploit with any N-day available was just a walk in the park.Now a days Google, ARM…
WindowServer: The privilege chameleon on macOS (Part 1)
When talking about Apple Graphics, the WindowServer component should not be neglected. Rencently KeenLab has been talking about Apple graphics IOKit components at POC 2015 “OS X Kernel is As Strong as its Weakest Part“, CanSecWest 2016 “Don’t Trust Your…
WindowServer: The privilege chameleon on macOS (Part 2)
From my last blog post “WindowServer: The privilege chameleon on macOS (Part 1)”, we discussed some basic concepts, the history and architecture of WindowServer, as well as the details of CVE-2016-1804 – A Use-After-Free (Or we can also call it…
The Journey of a complete OSX privilege escalation with a single vulnerability – Part 1
In previous blog posts Liang talked about the userspace privilege escalation vulnerability we found in WindowServer. Now in following articles I will talk about the Blitzard kernel bug we used in this year’s pwn2own to escape the Safari renderer sandbox,…
Car Hacking Research: Remote Attack Tesla Motors
With several months of in-depth research on Tesla Cars, we have discovered multiple security vulnerabilities and successfully implemented remote, aka none physical contact, control on Tesla Model S in both Parking and Driving Mode. It is worth to note that…
A Link to System Privilege
A Detailed Description of CVE-2016-0176 and Its Exploitation Essentials of a Successful Pwn of Microsoft Edge A successful Pwn of Microsoft Edge consists of two essential parts: Browser RCE(Remote Code Execution) and browser sandbox bypass. Browser RCE is typically achieved…
Racing for everyone: descriptor describes TOCTOU in Apple’s core
This blog post is about a new type of vulnerabilities in IOKit I discovered and submitted to Apple in 2016. I did a brief scan using a IDA script on MacOS and found at least four bugs with 3 CVEs…
New Car Hacking Research: 2017, Remote Attack Tesla Motors Again
Keen Lab discovered new security vulnerabilities on Tesla motors and realized full attack chain to implement arbitrary CAN BUS and ECUs remote controls on Tesla motors with latest firmware. Several highlights for 2017 Tesla Research: Realized full attack chain as…
A bunch of Red Pills: VMware Escapes
Background VMware is one of the leaders in virtualization nowadays. They offer VMware ESXi for cloud, and VMware Workstation and Fusion for Desktops (Windows, Linux, macOS).The technology is very well known to the public: it allows users to run unmodified…
TenSec 2018
Tencent Security Conference (TenSec) is an international cybersecurity summit launched by Tencent Security, hosted by Tencent Keen Security Lab and Tencent Security Platform Department, and co-organized by Tencent Security Academy. TenSec 2018 will be held on October 10 and 11,…
New Vehicle Security Research by KeenLab: Experimental Security Assessment of BMW Cars
Introduction The research of BMW cars is an ethical hacking research project. In the research, Keen Security Lab performed an in-depth and comprehensive analysis of both hardware and software on in-vehicle infotainment Head Unit, Telematics Control Unit and Central Gateway…
Exploiting iOS 11.0-11.3.1 Multi-path-TCP:A walk through
Introduction The iOS 11 mptcp bug (CVE-2018-4241) discovered by Ian Beer is a serious kernel vulnerability which involves a buffer overflow in mptcp_usr_connectx that allows attackers to execute arbitrary code in a privileged context. Ian Beer attached an interesting piece…
Tencent Keen Security Lab: Experimental Security Research of Tesla Autopilot
Introduction With the rise of Artificial Intelligence, Advanced Driver Assistance System (ADAS) related technologies are under rapid development in the vehicle industry. Meanwhile, the security and safety of ADAS have also received extensive attention. As a world-leading security research team,…
TenSec 2019
Tencent Security Conference (TenSec) is an international cybersecurity summit launched by Tencent Security, hosted by Tencent Keen Security Lab and Tencent Security Platform Department, and co-organized by Tencent Security Academy. Over the last three years, we have invited the top…
Exploiting Wi-Fi Stack on Tesla Model S
In the past two years, Keen Security Lab did in-depth research on the security of Tesla Cars and presented our research results on Black Hat 2017 and Black Hat 2018. Our research involves many in-vehicle components. We demonstrated how to…
Tencent Keen Security Lab joins GENIVI Alliance
Tencent Keen Security Lab (Keen Lab) has joined the GENIVI Alliance, a non-profit alliance focused on delivering open source, in-vehicle infotainment (IVI) and connected vehicle software. About GENIVI The GENIVI Alliance[1] develops standard approaches for integrating operating systems and middleware…
Tencent Keen Security Lab: Experimental Security Assessment on Lexus Cars
Since 2017, Lexus has equipped several models (including Lexus NX, LS and ES series) with a new generation infotainment, which is also known as AVN (Audio, Visual and Navigation) unit. Compared to some Intelligent connected infotainment units, like Tesla IVI…
Tencent Security Keen Lab: Experimental Security Assessment of Mercedes-Benz Cars
MBUX, Mercedes-Benz User Experience is the infotainment system in Mercedes-Benz cockpits. Mercedes-Benz first introduced MBUX in the new A-Class back in 2018, and is adopting MBUX in their entire vehicle line-up, including Mercedes-Benz E-Class, GLE, GLS, EQC, etc. In this…
Vulnerability Research is a Journey: CVEs Found by KeenLab
Partly estimated, until May 2016, KeenLab has totally found 152 critical vulnerabilities with CVE IDs, ranging from mainstream OS to browsers and applications Among those vulnerabilities we discovered, 13 was used directly in our 8 Pwn2Own winner categories in the…
Emerging Defense in Android Kernel
There was a time that every Linux kernel hacker loves Android. It comes with a kernel from stone-age with merely any exploit mitigation. Writing exploit with any N-day available was just a walk in the park.Now a days Google, ARM…
WindowServer: The privilege chameleon on macOS (Part 1)
When talking about Apple Graphics, the WindowServer component should not be neglected. Rencently KeenLab has been talking about Apple graphics IOKit components at POC 2015 “OS X Kernel is As Strong as its Weakest Part“, CanSecWest 2016 “Don’t Trust Your…
WindowServer: The privilege chameleon on macOS (Part 2)
From my last blog post “WindowServer: The privilege chameleon on macOS (Part 1)”, we discussed some basic concepts, the history and architecture of WindowServer, as well as the details of CVE-2016-1804 – A Use-After-Free (Or we can also call it…
The Journey of a complete OSX privilege escalation with a single vulnerability – Part 1
In previous blog posts Liang talked about the userspace privilege escalation vulnerability we found in WindowServer. Now in following articles I will talk about the Blitzard kernel bug we used in this year’s pwn2own to escape the Safari renderer sandbox,…
Car Hacking Research: Remote Attack Tesla Motors
With several months of in-depth research on Tesla Cars, we have discovered multiple security vulnerabilities and successfully implemented remote, aka none physical contact, control on Tesla Model S in both Parking and Driving Mode. It is worth to note that…
A Link to System Privilege
A Detailed Description of CVE-2016-0176 and Its Exploitation Essentials of a Successful Pwn of Microsoft Edge A successful Pwn of Microsoft Edge consists of two essential parts: Browser RCE(Remote Code Execution) and browser sandbox bypass. Browser RCE is typically achieved…
Racing for everyone: descriptor describes TOCTOU in Apple’s core
This blog post is about a new type of vulnerabilities in IOKit I discovered and submitted to Apple in 2016. I did a brief scan using a IDA script on MacOS and found at least four bugs with 3 CVEs…
New Car Hacking Research: 2017, Remote Attack Tesla Motors Again
Keen Lab discovered new security vulnerabilities on Tesla motors and realized full attack chain to implement arbitrary CAN BUS and ECUs remote controls on Tesla motors with latest firmware. Several highlights for 2017 Tesla Research: Realized full attack chain as…
A bunch of Red Pills: VMware Escapes
Background VMware is one of the leaders in virtualization nowadays. They offer VMware ESXi for cloud, and VMware Workstation and Fusion for Desktops (Windows, Linux, macOS).The technology is very well known to the public: it allows users to run unmodified…
TenSec 2018
Tencent Security Conference (TenSec) is an international cybersecurity summit launched by Tencent Security, hosted by Tencent Keen Security Lab and Tencent Security Platform Department, and co-organized by Tencent Security Academy. TenSec 2018 will be held on October 10 and 11,…
New Vehicle Security Research by KeenLab: Experimental Security Assessment of BMW Cars
Introduction The research of BMW cars is an ethical hacking research project. In the research, Keen Security Lab performed an in-depth and comprehensive analysis of both hardware and software on in-vehicle infotainment Head Unit, Telematics Control Unit and Central Gateway…
Exploiting iOS 11.0-11.3.1 Multi-path-TCP:A walk through
Introduction The iOS 11 mptcp bug (CVE-2018-4241) discovered by Ian Beer is a serious kernel vulnerability which involves a buffer overflow in mptcp_usr_connectx that allows attackers to execute arbitrary code in a privileged context. Ian Beer attached an interesting piece…
Tencent Keen Security Lab: Experimental Security Research of Tesla Autopilot
Introduction With the rise of Artificial Intelligence, Advanced Driver Assistance System (ADAS) related technologies are under rapid development in the vehicle industry. Meanwhile, the security and safety of ADAS have also received extensive attention. As a world-leading security research team,…
TenSec 2019
Tencent Security Conference (TenSec) is an international cybersecurity summit launched by Tencent Security, hosted by Tencent Keen Security Lab and Tencent Security Platform Department, and co-organized by Tencent Security Academy. This article has been indexed from Keen Security Lab Blog…
Exploiting Wi-Fi Stack on Tesla Model S
In the past two years, Keen Security Lab did in-depth research on the security of Tesla Cars and presented our research results on Black Hat 2017 and Black Hat 2018. Our research involves many in-vehicle components. We demonstrated how to…
Tencent Keen Security Lab joins GENIVI Alliance
Tencent Keen Security Lab (Keen Lab) has joined the GENIVI Alliance, a non-profit alliance focused on delivering open source, in-vehicle infotainment (IVI) and connected vehicle software. This article has been indexed from Keen Security Lab Blog Read the original article:…
Tencent Keen Security Lab: Experimental Security Assessment on Lexus Cars
Since 2017, Lexus has equipped several models (including Lexus NX, LS and ES series) with a new generation infotainment, which is also known as AVN (Audio, Visual and Navigation) unit. Compared to some Intelligent connected infotainment units, like Tesla IVI…
Tencent Security Keen Lab: Experimental Security Assessment of Mercedes-Benz Cars
MBUX, Mercedes-Benz User Experience is the infotainment system in Mercedes-Benz cockpits. Mercedes-Benz first introduced MBUX in the new A-Class back in 2018, and is adopting MBUX in their entire vehicle line-up, including Mercedes-Benz E-Class, GLE, GLS, EQC, etc. In this…