Playlist "German OWASP Day 2025"

Pwn My Ride: Jailbreaking Cars with CarPlay

Apple CarPlay is a widely known protocol that connects smartphones to car multimedia systems. Based on AirPlay, CarPlay is installed in millions of cars, as it is supported by hundreds of car models from dozens of different manufacturers across the globe. In our talk, we will share how we managed to exploit all devices running CarPlay using a single vulnerability we discovered in the AirPlay SDK.
We'll take you through our entire exploit development process from identifying the vulnerability, to testing it on a custom device emulator, and finally, executing the exploit on actual devices. The session will include a demonstration of our RCE exploit on a well known third-party CarPlay device to show how an attacker can run arbitrary code while in physical proximity to a target car.
We will also share how we managed to blindly exploit CarPlay without a debugger, knowing the vulnerable code is present on the system.

Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/

News
RSS, last 100
Podcast feed of the last two years	SD quality
Podcast audio feed of the last year
Podcast archive feed, everything older than two years	SD quality
Podcast feeds for god2025
mp3
webm	SD quality
mp4	SD quality
opus

News
RSS, last 100
Podcast feed of the last two years	SD quality
Podcast audio feed of the last year
Podcast archive feed, everything older than two years	SD quality
Podcast feeds for god2025
mp3
webm	SD quality
mp4	SD quality
opus