We demonstrate how attackers can apply split-second phantom attacks remotely by embedding phantom road signs into an advertisement presented on a digital billboard which causes Tesla’s autopilot to suddenly stop the car in the middle of a road and Mobileye 630 to issue false notifications.
We discuss the challenge that split-second phantom attacks create for ADASs. In this talk, we present "split-second phantom attacks," a scientific gap that causes two commercial advanced driver-assistance systems (ADASs), Telsa Model X (HW 2.5 and HW 3) and Mobileye 630, to treat a depthless object that appears for a few milliseconds as a real obstacle/object. Kevin2600 has spoken at various conferences including KCON DEFCON and CANSECWEST. He mainly focuses on vulnerability research in wireless and embedded systems. Huajiang "Kevin2600" Chen (Twitter: is a senior security researcher.
He specializes in Web Security and a Bug Bounty Hunter. Wu Ming (Twitter: is a senior security engineer. Finally, we'll present a video demo of exploiting the vulnerability. We'll explain the details of how do we overcome these limits, and show how our payloads manipulate the system in order to get a reverse shell with Root privilege. Start from firmware acquisition, and the various challenges of exploiting EVLink. We will be diving into the journey of reverse engineering EVLink Charging station.
Then we'll walk through step by step how do we found an RCE Vulnerability from it. We'll start by explaining the architecture components, and protocols involved in such a system. In this talk, we'll present 3 vulnerabilities (CVE-2021-22706 CVE-2021-22707, and CVE-2021-22708) which we found in Schneider Electric's EVLink Charging System. Therefore we conducted an in-depth security analysis for the EV charging stations from Schneider Electric. How safely and easily charge electric vehicles, is deeply impacting the way people travel. In recent years the emergence of a new security threat to the electric vehicle charging ecosystem.