JVNVU#99396686
A vulnerability in TOYOTA MOTOR's DCU (Display Control Unit)
Overview
TOYOTA MOTOR's DCU (Display Control Unit) contains a vulnerability that is triggered by the BlueBorne vulnerability.
Products Affected
2017 Model Year DCUs are affected.
These DCUs are mounted on the vehicles listed below:
- Vehicle: LC, LS, NX, RC, RC-F, CAMRY, SIENNA
- The period of time: October 2016 to October 2019
- Region: Worldwide regions except Japan
Description
TOYOTA MOTOR's DCU contains a vulnerability that is triggered by the BlueBorne vulnerability.
Impact
An unauthenticated attacker may cause a denial of service (DoS) condition or execute an arbitrary command on the DCU.
Certain vehicle operations may be conducted via the DCU.
According to the developer, critical vehicle controls such as driving, turning, and stopping are not affected.
For details, refer to the information under [Vendor Status] and [References].
Solution
Update DCU
The developer states that an update fixing this vulnerability is available.
For details, refer to [Vendor Status].
Vendor Status
Vendor | Link |
---|---|
TOYOTA MOTOR CORPORATION | Toyota Acknowledges Tencent Keen Security Lab's Initiatives for Improving Automotive Cybersecurity |
References
- Tencent Keen Security Lab: Experimental Security Assessment on Lexus Cars
- CERT/CC Vulnerability Note VU#240311: Multiple Bluetooth implementation vulnerabilities affect many devices
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
CVSS v3

Attack Vector (AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
---|---|---|---|---|
Attack Complexity (AC) | High (H) | Low (L) | | |
Privileges Required (PR) | High (H) | Low (L) | None (N) | |
User Interaction (UI) | Required (R) | None (N) | | |
Scope (S) | Unchanged (U) | Changed (C) | | |
Confidentiality Impact (C) | None (N) | Low (L) | High (H) | |
Integrity Impact (I) | None (N) | Low (L) | High (H) | |
Availability Impact (A) | None (N) | Low (L) | High (H) | |

CVSS v2

Access Vector (AV) | Local (L) | Adjacent Network (A) | Network (N) |
---|---|---|---|
Access Complexity (AC) | High (H) | Medium (M) | Low (L) |
Authentication (Au) | Multiple (M) | Single (S) | None (N) |
Confidentiality Impact (C) | None (N) | Partial (P) | Complete (C) |
Integrity Impact (I) | None (N) | Partial (P) | Complete (C) |
Availability Impact (A) | None (N) | Partial (P) | Complete (C) |
Comment
This analysis assumes that the attacker has knowledge of the internals of the targeted vehicle and its components, accesses the DCU via Bluetooth, and sends diagnostic commands to ECUs of the vehicle.
Availability impact is evaluated as "Low/Partial" since the developer states that the critical vehicle controls (driving, turning, stopping, etc.) are not affected.
Credit
TOYOTA MOTOR CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
Other Information
CVE | CVE-2020-5551 |