Talk

Exploiting USB on a Tesla IVI with Raspberry Pi Devices to bypass KASLR

March 20, 11:30 (CAMPUS)

In late 2024, a USB vulnerability (CVE-2024-53150) was reported by Google Threat Analysis Group to the Linux Kernel mailing list and was subsequently added to the CISA Known Exploited Vulnerabilities (KEV) list.

Then in early 2025, multiple other Linux Kernel USB vulnerabilities were found to have been exploited to compromise mobile phone devices in the wild (as covered by Amnesty International).

Whilst the vulnerabilities themselves have been described previously, a practical method of exploiting these issues, and how easy that exploitation is, was not known.

NCC’s Exploit Development Group decided to answer the question – what does it take to exploit Linux Kernel USB vulnerabilities such as these against a modern Linux version?

This also led to our first discovery, which was that these USB vulnerabilities affected more than just mobile devices. Tesla’s automotive, in-vehicle infotainment (IVI) system was also vulnerable to a number of these core Linux kernel issues!

This talk is specifically about exploiting one of these vulnerabilities (CVE-2024-53150) and the novel tooling it was necessary to develop to bypass KASLR on a Tesla IVI.

Speaker

Alex Plaskett

Alex Plaskett (@alexjplaskett) is a security researcher within the Exploit Development Group (EDG) at NCC Group. Alex is a five-time Pwn2Own winner (desktop, mobile, embedded, and automotive) and has 15+ years of experience in vulnerability research and exploitation. Alex has exploited vulnerabilities in a large range of high-profile products across many different areas of security. Alex is a frequent speaker at security conferences (e.g. BlackHat, OffensiveCon, Hexacon, HITB, BlueHat, POC, Troopers, etc.). Alex was previously leading security teams in Fintech, Mobile Security and Security Research and just generally causing vendors to patch things on a regular basis!

rherrera

Robert Herrera (@robert.herrera_) is a Principal Security Researcher within the Exploit Development Group (EDG) team at NCC Group. Robert has extensive experience performing security audits for a diverse set of technologies, ranging from automotive, modems, and secure boot platforms to reverse-engineering pretty much any firmware that comes his way. Robert has 8+ years of experience and has worn many hats over the years, ranging from iOS Developer and Software Engineer to Reverse Engineer.
