5

As far as I know most vehicle infotainment systems are run on a customized Linux system built with Yocto. Forensic toolkits such as Berla iVe allows to extract information such as GPS data, call log, door events, gear changes, etc. (see https://digital-forensics.sans.org/blog/2017/05/01/digital-forensics-automotive-infotainment-and-telematics-systems-2/)

I did some research but I am still wondering how exactly this data extraction is carried out. Some older car models seem to have open telnet/ssh ports which allowed access to the file system (e.g. VW models from 2014). Newer models seem to have these simple attack vectos eradicated.

My questions:

  • How exactly is the Berla iVe toolkit working? Does it rely on flaws like an open root shell?
  • Where would the personal data be stored inside an infotainment system and in which format?
  • Are there any images of infotainment storage online available? Was any of you able to create an image of the infotainment system in your car?

I know these are very specific questions but maybe someone out there can help me out here.

Natto_Jihen
  • 51
  • 1
  • Natto - I'm going to close this as it is not actually a security question within our site scope. Your first question is answered on the site you linked. The second sort of is as well. The third is definitely off topic. – Rory Alsop Dec 11 '18 at 23:18
  • @RoryAlsop I am sorry if my questions were not clearly enough formulated or off topic. I cannot see where my first two questions are answered exactly on the site I linked. A direct physical connection on the PCB is described there, but what happens then? Which pins are used for this and which protocol is applied to read the flash chip content (SPI)? Further, after an image was obtained, how exactly is the information gathered there. I was unable to find answers to these questions on my linked site or other internet resources at all, hence as a last resort I tried to ask my question here. – Natto_Jihen Dec 13 '18 at 09:07
  • Read from "For some systems it is as simple as plugging a USB or on-board diagnostics (OBD-II) cable" and Google OBD-II protocol. This is standard automotive stuff. – Rory Alsop Dec 13 '18 at 09:20
  • So say I want to do this manually, after plugging into the USB or DLC, what happens next? The iVe software does this automatically but how is the technical implementation? I am aware of this standard automotive stuff, but how would one simply obtain this data via OBD-II or UDS? – Natto_Jihen Dec 13 '18 at 09:38
  • Please go and read the OBD-II info online. This is off topic here. – Rory Alsop Dec 13 '18 at 14:40

0 Answers0