Vulnerabilities in Autel MaxiCharger Identified at Blackhat EU
/ 1 min read
🔍 New vulnerabilities in Autel MaxiCharger revealed at Blackhat EU. Security researchers Jonathan Andersson and Thanos Kaliyanakis presented findings on the Autel MaxiCharger, highlighting methods to bypass readout protection on its GD32 device, which prevents internal flash dumping. The charger features various communication modules, including Ethernet, Wi-Fi, and a mysterious USB-C port, alongside an ESP32 for Bluetooth operations. The teardown revealed that the 4G module, using a Qualcomm LTE modem, has debugging capabilities, while several unused ports suggest potential for further exploration. The researchers aim to encourage vulnerability research on the MaxiCharger ahead of the upcoming Pwn2Own Automotive event in January 2025, emphasizing the need for improved product security among IVI vendors.
