DriveThru Hacking: When Your Dashcam Becomes the Attack Vector | A Redefining CyberSecurity Podcast Conversation with Alina Tan and George Chen episode artwork

EPISODE · Apr 15, 2026 · 31 MIN

DriveThru Hacking: When Your Dashcam Becomes the Attack Vector | A Redefining CyberSecurity Podcast Conversation with Alina Tan and George Chen

from Redefining CyberSecurity · host ITSPmagazine, Sean Martin, Alina Tan, George Chen

⬥EPISODE NOTES⬥ What if the device quietly recording your daily commute could be turned against you in the time it takes to order a burger? That is not a hypothetical -- it is a demonstrated reality. Alina Tan, Security Architect and Co-Founder of HE&T Security Labs, and George Chen, Security Architect for a large global company, have spent years dissecting the attack surface of connected vehicle peripherals. Their research -- presented at SecTor and Black Hat Asia 2025 -- introduces a novel attack technique they call "DriveThru Hacking": an automated method for compromising dashcams through Wi-Fi within a standard drive-through window. The attack is unsettling in its simplicity. Most dashcams ship with default or easily guessable credentials, and many manufacturers do not even allow users to change them. Within a six-minute exposure window, Alina and George's tool -- DriveThru Hacker -- can discover, connect to, and exfiltrate video, audio, and GPS data from a target dashcam, then use an LLM to stitch together a timeline of the owner's home, workplace, daily routes, and private conversations. The result is a shockingly detailed picture of someone's life, assembled entirely from a device most people never think to secure. The research goes further than individual privacy. George walks through how 4G/5G-connected dashcams dramatically expand the attack surface beyond physical proximity -- opening doors to remote credential stuffing, API privilege escalation, and web-based attacks on cloud-connected accounts. More alarming still, Alina and George demonstrate how compromised dashcams can be converted into a mobile botnet -- a network of roaming, internet-connected nodes whose reach is not bounded by geography. Unlike static IoT devices, these infected cameras move through cities, near sensitive installations, and into places that are deliberately obscured from public maps. The conversation also digs into the broader ecosystem: the infotainment network and CAN bus segmentation (or lack thereof), over-the-air firmware update security, the challenge of detection and response when dashcams have no audit logs whatsoever, and what responsible disclosure looked like when contacting over a dozen manufacturers -- most of whom had no dedicated security inbox and some of whom had no contact information at all. Alina and George close with practical hardening recommendations for both consumers and manufacturers, and a look at what intrusion prevention for embedded devices might look like as this research continues. The connected car conversation has long focused on the vehicle itself. This episode makes the case that the accessories attached to it deserve equal scrutiny -- and that the window to act, like the drive-through line, is shorter than most realize. ⬥GUESTS⬥ Alina Tan, Security Architect and Co-Founder at HE&T Security Labs | Website: https://www.heatsecuritylabs.com/ George Chen, Security Architect for a large global company | On LinkedIn: https://www.linkedin.com/in/geoc/ ⬥HOST⬥ Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/ ⬥RESOURCES⬥ HE&T Security Labs | https://www.heatsecuritylabs.com/ DriveThru Hacking Session (Black Hat Asia 2025) | https://blackhat.com/asia-25/sponsored-sessions/schedule/index.html#drivethru-hacking-45214 The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/ More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ⬥ADDITIONAL INFORMATION⬥ Redefining CyberSecurity Podcast | https://www.seanmartin.com/redefining-cybersecurity-podcast Redefining CyberSecurity on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq The Future of Cybersecurity Newsletter | https://itspm.ag/future-of-cybersecurity Connect with Sean Martin | https://www.seanmartin.com/ ⬥KEYWORDS⬥ alina tan, george chen, he&t security labs, sean martin, dashcam security, connected vehicle cybersecurity, iot security, vehicle privacy, drivethru hacking, wi-fi hacking, mobile botnet, automotive cybersecurity, firmware security, over-the-air updates, credential stuffing, redefining cybersecurity, cybersecurity podcast, redefining cybersecurity podcast Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Your dashcam is capturing far more than accidents -- and researchers Alina Tan and George Chen have built an automated tool to prove it, compromising dashcams in under six minutes through a fast food drive-through. This conversation explores how connected vehicle peripherals have become a gateway to privacy invasion, mobile botnets, and a surveillance attack surface that most organizations and consumers are completely unprepared to defend.

NOW PLAYING

DriveThru Hacking: When Your Dashcam Becomes the Attack Vector | A Redefining CyberSecurity Podcast Conversation with Alina Tan and George Chen

0:00 31:09

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Darknet Discussions Darknet Discussions Welcome to "Darknet Discussions," the podcast that gets into the shadows of the internet to bring you the most intriguing, enlightening, and sometimes unsettling stories from the dark web. Hosted by seasoned darknet aficionados, each episode of "Darknet Discussions" explores the intricate dynamics of darknet markets, cybersecurity threats, and the digital underworld. Join us as we interview experts, discuss the latest trends in cybercrime, and shed light on the technologies that operate beneath the surface of everyday internet use. Also, we occasionally go off on a tangent about something completely unrelated. IT Trendsetters SynerComm During each episode, our team is joined by a relevant industry expert to gain insight into new IT trends and learn about important IT and cybersecurity concepts. Our goal is to give you the advice your need to safeguard your network and digital assets. The AI-Powered Lawyer River Braun Welcome to The AI-Powered Lawyer, where host River Braun takes you on a journey into the heart of the AI revolution in law. This isn't about traditional legal practice; it's about exploring cutting-edge technology that's transforming the way we work. Each episode dives into the tools, trends, and techniques redefining what it means to be a lawyer in the age of AI. Subscribe and join us as we redefine law...together! IT Jobs's Podcast IT Jobs Two Cisco CCIEs discussing topics related to getting and IT Job or hiring for an IT Job. Focus on both Network Engineering, Cloud, Development, and CyberSecurity and as much reality as can be brought.

Frequently Asked Questions

How long is this episode of Redefining CyberSecurity?

This episode is 31 minutes long.

When was this Redefining CyberSecurity episode published?

This episode was published on April 15, 2026.

What is this episode about?

⬥EPISODE NOTES⬥ What if the device quietly recording your daily commute could be turned against you in the time it takes to order a burger? That is not a hypothetical -- it is a demonstrated reality. Alina Tan, Security Architect and Co-Founder of...

Can I download this Redefining CyberSecurity episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!