Hyundai IVI system firmware was authenticated with a key from the OpenSSL manual

The owner of a Hyundai Ioniq SEL has published a series of articles describing how he managed to modify the firmware used in the infotainment system (IVI) based on the D-Audio2V operating system, which is used in Hyundai and Kia cars. It turned out that all the data needed for decryption and verification was publicly available on the Internet, and only a few Google queries were needed to find it.

The firmware update offered by the IVI system manufacturer was delivered in a password-protected zip file, and the firmware contents themselves were encrypted with the AES-CBC algorithm and authenticated with a digital signature based on RSA keys. The zip archive password and the AES key for decrypting the updateboot.img image were found in the linux_envsetup.sh script, which was present in clear text in the system_package package containing the open-source components of the D-Audio2V OS, distributed on the IVI system manufacturer's website.

However, to modify the firmware, the private key used to certify it with a digital signature was still missing. Notably, the RSA key was found with the Google search engine. The researcher submitted a search query containing the previously found AES key and discovered that the key is not unique and is mentioned in the NIST SP800-38A document. Reasoning that the RSA key had been borrowed in a similar way, the researcher found the public key in the code accompanying the firmware and tried searching for it on Google. The query showed that this public key appears in an example from the OpenSSL manual, which also included the private key.
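A release check that would flag the key reuse described above, as an added example that is not from the original article or the vendor's code: it scans build scripts, sources and binaries for the example AES keys printed in NIST SP 800-38A Appendix F, whether stored as raw bytes or as hex text. The sample inputs, the `IMG_KEY` variable name and the `/run/secrets/img_key` path are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Example keys printed in NIST SP 800-38A, Appendix F. Data encrypted under
# one of them can be decrypted by anyone who has read the document.
PUBLISHED_KEYS = {
    "AES-128": "2b7e151628aed2a6abf7158809cf4f3c",
    "AES-192": "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b",
    "AES-256": "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4",
}
# Filler tolerated between hex byte pairs: "0x", "\x", commas, colons, spaces.
_SEP = rb"(?:0x|\\x|[\s,:;_-])*"


def _text_pattern(hexkey):
    pairs = [hexkey[i:i + 2].encode() for i in range(0, len(hexkey), 2)]
    return re.compile(_SEP.join(pairs), re.IGNORECASE)


def find_published_keys(blob):
    """Return (label, form, offset) for every published key found in blob."""
    hits = []
    for label, hexkey in PUBLISHED_KEYS.items():
        offset = blob.find(bytes.fromhex(hexkey))
        if offset != -1:
            hits.append((label, "raw bytes", offset))
        match = _text_pattern(hexkey).search(blob)
        if match:
            hits.append((label, "hex text", match.start()))
    return hits


# Constructed inputs for illustration; not taken from the real update package.
SAMPLE_SCRIPT = b'#!/bin/sh\nexport IMG_KEY="2B7E151628AED2A6ABF7158809CF4F3C"\n'
SAMPLE_C = (b"static const uint8_t k[] = {0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae,\n"
            b"  0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c};\n")
SAMPLE_BIN = b"\x7fELF" + bytes(12) + bytes.fromhex(PUBLISHED_KEYS["AES-256"])
SAMPLE_CLEAN = b'export IMG_KEY="$(cat /run/secrets/img_key)"\n'

if __name__ == "__main__":
    found = [(path, hit) for path in sys.argv[1:]
             for hit in find_published_keys(Path(path).read_bytes())]
    for path, (label, form, offset) in found:
        print(f"{path}: published {label} key as {form} at offset {offset}")
    sys.exit(1 if found else 0)
```

Run it over the build tree and the unpacked image before signing; a non-zero exit status means a published key is present and the release should be blocked.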

Having obtained the required keys, the researcher was able to modify the firmware update and add a backdoor, which makes it possible to connect remotely to a shell in the software environment of the IVI device, as well as to integrate additional applications into the firmware.

Source: opennet.ru
