KOFFEE - Kia OFFensivE Exploit
G Costantino;I Matteucci
2020
Abstract
A recent study [6] claims that modern In-Vehicle Infotainment (IVI) systems run the Linux or Android operating system (OS). Even though Linux provides several advantages, Android OS is going to impose its supremacy in the automotive market as well [1]. This is mainly due to the advantages that this OS provides in terms of features in the connected-car scenario. Several OEMs already ship IVIs with Android OS in their cars, and others are going to do so soon, e.g., General Motors in 2021 [5]. In this context, years ago we started our security research activity on possible vulnerabilities that IVIs running Android OS may expose. Our initial studies were on after-market IVIs based on Android OS, and we found important vulnerabilities [2],[3] on the devices that may allow, for instance, an attacker to gain remote root privileges on the IVI. As a next step, we moved our activity to a KIA C'eed car, which we bought in the summer of 2019, and we started reverse engineering it, beginning with its Android-based head unit (HU). Our KIA C'eed is not connected to the Internet by default and does not have a telematics unit. However, it can be connected to the Internet through a smartphone in hotspot mode, or through a 3G, 4G or 5G dongle that creates a Wi-Fi network to which the head unit connects. In this report, we describe our exploit, named KOFFEE, carried out against a KIA C'eed. This is part of our research activity on offensive cybersecurity in the automotive domain. We therefore decided not to detail all aspects of our work in this report, since a full disclosure would be considered irresponsible toward vehicle users. The full report will be released at an appropriate time in 2021, if things go as planned.