i-Drive Dashcams Authentication Bypass Vulnerability in Device Pairing Component
Vulnerability
An authentication bypass vulnerability has been identified in i-Drive i11 and i12 dashcam models, all firmware versions prior to 20250227. The issue arises in the device pairing process, which relies on MAC address recognition. An attacker can spoof the MAC address of a paired device, bypassing the authentication mechanism and gaining unauthorized access to the dashcam's network. This vulnerability can be exploited on the physical device, although the attack's complexity is considered high.
Impact
Exploitation of this vulnerability allows unauthorized access to the dashcam's network, potentially leading to further attacks on the device or interception of sensitive data.
Reproduction
To reproduce this vulnerability, first pair a device with the dashcam. Once paired, obtain the MAC address of the paired device through ARP scanning. Then, spoof the MAC address to match that of the paired device. After successfully spoofing the MAC address, connect to the dashcam without completing the pairing process.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.