CV2XFuzzer: C-V2X Parsing Vulnerability Discovery System Based on Fuzzing

With the continuous growth and development of autonomous driving, the demand for advanced wireless communication technology like Cellular Vehicle-To-Everything (C-V2X) has been on the rise. Since C-V2X is implemented on vehicles, the security of this technology directly impacts people’s safety. However, few works analyze the security and discover the vulnerabilities of devices that implement C-V2X. We present a vulnerability discovery system CV2XFuzzer for C-V2X air interface communication protocol implementations. CV2XFuzzer is based on fuzzing and supports the automatic discovery of vulnerabilities in the parsing part of the C-V2X PC5 interface message layer. By using the ASN.1 syntax template of C-V2X, CV2XFuzzer generates data, which is transmitted to the target device using a self-built air interface communication tool based on Quectel AG15. The status of the process PID and TCP connection is monitored for status feedback. We used CV2XFuzzer to test various available C-V2X terminal devices and discovered four vulnerabilities, furthermore, we developed the first publicly disclosed Remote Command Execute (RCE) exploitation based on the C-V2X air interface. These findings verify the efficacy of the vulnerability discovery system proposed in our work.