Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
[Suggested description]
Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, SOP.007.1.191209 may allow
an attacker to inject unauthorized commands, by executing the micomd
executable deamon, to trigger unintended functionalities. In addition,
this executable may be used by an attacker to inject commands to
generate CAN frames that are sent into the M-CAN bus (Multimedia CAN bus) of
the vehicle.
------------------------------------------
[Additional Information]
Initial details are available in the following technical report:
https://sowhat.iit.cnr.it/pdf/IIT-20-2020.pdf
We already wrote a not yet public version of post-exploitation module for Metasploit.
We contacted KIA Motors Europe reporting the vulnerability, and they released software version SOP.008.4.200619
to fix the issue.
------------------------------------------
[Vulnerability Type]
Insecure Permissions
------------------------------------------
[Vendor of Product]
Kia Motors Corporation (Automotive)
------------------------------------------
[Affected Product Code Base]
Head Unit - SOP.003.30.18.0703
Head Unit - SOP.005.7.181019
Head Unit - SOP.007.1.191209
------------------------------------------
[Affected Component]
Executable
------------------------------------------
[Attack Type]
Local
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[CVE Impact Other]
An attacker may access the M-CAN bus (Multimedia CAN bus) of the vehicle, or alter the head unit functionalities
------------------------------------------
[Attack Vectors]
To exploit this vulnerability an attacker must send crafted command to the micomd executable.
------------------------------------------
[Reference]
https://sowhat.iit.cnr.it/pdf/IIT-20-2020.pdf
http://webhost.services.iit.cnr.it/staff/gianpiero.costantino/
http://webhost.services.iit.cnr.it/staff/ilaria.matteucci/
------------------------------------------
[Discoverer]
Gianpiero Costantino, Ilaria Matteucci
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment