BYD DiLink 3.0 OS Log Dump Encryption Vulnerability in IVI System

A vulnerability exists in the DiLink 3.0 OS, specifically in version 13.1.32.2307211.1, used in BYD vehicles' In-Vehicle Infotainment (IVI) systems, such as the ATTO 3 model. The issue arises from an incorrect implementation of encryption for system log dumps, which are stored on the IVI unit's storage. This flaw allows an attacker with physical access to the vehicle to bypass the encryption and access sensitive information in the logs, including personally identifiable information (PII) and location data. This vulnerability was introduced in a patch that aimed to address a previous issue (CVE-2024-54728).

Impact

Exploitation of this vulnerability allows access to sensitive system log data, including PII and location information, potentially leading to privacy violations and unauthorized tracking of the vehicle's movements.

Reproduction

To reproduce this vulnerability, physical access to a BYD vehicle with the affected DiLink 3.0 OS version is required. Once inside the vehicle, access the multimedia unit's debug port. From there, locate the encrypted log dump files. Due to the flawed encryption, the encryption key for the log dumps can be generated, allowing extraction of the sensitive data.

Remediation

BYD is advised to review and correct the encryption implementation for system log dumps. A secure asymmetric encryption algorithm with proper key management should be employed, and the new implementation should undergo independent testing.