EPISODE · Nov 26, 2025 · 40 MIN
Pwn My Ride: Jailbreaking Cars with CarPlay (god2025)
from Chaos Computer Club - recent audio-only feed · host Avi Lumelsky
Apple CarPlay is a widely known protocol that connects smartphones to car multimedia systems. Based on AirPlay, CarPlay is installed in millions of cars, as it is supported by hundreds of car models from dozens of different manufacturers across the globe. In our talk, we will share how we managed to exploit all devices running CarPlay using a single vulnerability we discovered in the AirPlay SDK. We'll take you through our entire exploit development process from identifying the vulnerability, to testing it on a custom device emulator, and finally, executing the exploit on actual devices. The session will include a demonstration of our RCE exploit on a well known third-party CarPlay device to show how an attacker can run arbitrary code while in physical proximity to a target car. We will also share how we managed to blindly exploit CarPlay without a debugger, knowing the vulnerable code is present on the system. Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://c3voc.de
What this episode covers
Apple CarPlay is a widely known protocol that connects smartphones to car multimedia systems. Based on AirPlay, CarPlay is installed in millions of cars, as it is supported by hundreds of car models from dozens of different manufacturers across the globe. In our talk, we will share how we managed to exploit all devices running CarPlay using a single vulnerability we discovered in the AirPlay SDK. We'll take you through our entire exploit development process from identifying the vulnerability, to testing it on a custom device emulator, and finally, executing the exploit on actual devices. The session will include a demonstration of our RCE exploit on a well known third-party CarPlay device to show how an attacker can run arbitrary code while in physical proximity to a target car. We will also share how we managed to blindly exploit CarPlay without a debugger, knowing the vulnerable code is present on the system. Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://c3voc.de
NOW PLAYING
Pwn My Ride: Jailbreaking Cars with CarPlay (god2025)
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Feb 8, 2026 ·4m
Jan 30, 2026 ·6m
Jan 2, 2026 ·47m