Looking at the Attack Surfaces... Note

Looking at the Attack Surfaces of the Kenwood DMX958XR IVI

The Kenwood DMX958XR is an in-vehicle infotainment (IVI) head unit that supports various technologies, including USB, Bluetooth, Android Auto, Apple CarPlay, and Kenwood apps. This blog post aims to outline the attack surface of the DMX958XR to inspire vulnerability research. The head unit's USB-C port supports wired Android Auto and Apple CarPlay, and also allows for playback of audio and video files from a USB flash drive. Bluetooth version 5 is supported for making and receiving calls, and playing audio from a paired mobile phone. The head unit uses various open-source software, including OpenSSL, Cairo, and Gstreamer. The Kenwood Portal App allows users to transfer photos from their mobile phone to the head unit over Bluetooth, which could be an interesting attack surface. The Kenwood Remote S app connects to the head unit over Bluetooth and allows for multimedia control. The DMX958XR firmware will be covered in a future blog post. The next post in the series will detail the DMX958XR firmware.