Car Dashboards at Risk as Hackers Remotely Seize Control Through Built-In Modems

Modern vehicles are becoming as connected as smartphones and just as vulnerable. Security researchers have identified multiple critical vulnerabilities in the Unisoc UIS7862A System-on-Chip (SoC), used in many Chinese car head units, that could allow attackers to remotely take control of onboard systems, including making the infotainment display run Doom, the classic 3D shooter game.

Vulnerabilities in the Modem Stack

The Unisoc UIS7862A integrates 2G/3G/4G cellular connectivity, making it an attractive target for cyberattacks.

A security assessment identified several vulnerabilities, including a stack-based buffer overflow in the 3G Radio Link Control (RLC) protocol implementation, tracked as CVE-2024-39432.

This flaw resides in the modem’s firmware handling of fragmented data packets. When the modem processes an incoming Service Data Unit (SDU), it parses multiple optional header fields stored on the stack without sufficient bounds checking.

By sending a specially crafted SDU with over 90 header entries, an attacker can overwrite the return address on the stack and execute arbitrary code.

Because the 3G connection is established before authentication or encryption begins, remote exploitation is possible before any protective mechanism is active.

Once code execution is achieved on the modem, attackers effectively gain a foothold inside the SoC. Typically, the modem and application processor (running Android) are separated, but researchers have demonstrated methods to circumvent this boundary.

By identifying a hidden peripheral Direct Memory Access (DMA) device within the hardware, they performed lateral movement from the communication processor to the application processor, ultimately achieving complete control of the system with kernel-level privileges.

From Modem Exploit to Full System Compromise

With complete access, the researchers modified sections of executable memory using Return-Oriented Programming (ROP) chains.

This allowed them to patch parts of the NAS (Non-Access Stratum) protocol handler to establish a two-way communication channel through 3G message responses.

They could then send and receive commands via the modem, effectively creating a backdoor into the vehicle’s system.

In a proof-of-concept demonstration, the team executed arbitrary code on the infotainment system, including launching Doom on the car’s display.

Though amusing, the hack highlights a serious threat: a compromised head unit can disrupt navigation, sensor data, or safety alerts, putting occupants at risk.

The findings, published by Kaspersky ICS CERT, underscore growing concerns over automotive cybersecurity.

As vehicles become increasingly software-driven and connected via cellular networks, securing embedded modems and SoCs is critical to ensuring passenger safety and data privacy.

Find this Story Interesting! Follow us on Google News , LinkedIn and X to Get More Instant Updates

The post Car Dashboards at Risk as Hackers Remotely Seize Control Through Built-In Modems appeared first on Cyber Security News.