How not to use dbus (in cars or anywhere else)

Colin Walters walters at verbum.org
Mon Aug 24 08:03:25 PDT 2015


http://illmatics.com/Remote%20Car%20Hacking.pdf

1) Exposing the bus over TCP.  I'd recommend having debugging sessions go over ssh.
1a) Exposing the bus over TCP to all interfaces, including an interface for the public internet
2) Using the ANONYMOUS mechanism (related to #1)
3) Not using PolicyKit or other authorization mechanism
4) Having a method that executes arbitrary code mixed in with normal methods
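
A configuration check for items 1, 1a and 2, as an added example that is not part of the original message or of the dbus project: it parses a dbus-daemon XML configuration and reports TCP listeners, wildcard binds and ANONYMOUS authentication. The sample configuration, the finding names and the wildcard set are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import unquote

# Constructed sample config reproducing items 1, 1a and 2 of the list above.
SAMPLE_BAD = """<busconfig>
  <listen>unix:path=/run/dbus/system_bus_socket</listen>
  <listen>tcp:host=0.0.0.0,port=6667</listen>
  <auth>ANONYMOUS</auth>
  <allow_anonymous/>
</busconfig>"""

# Bind values that mean "every interface" (item 1a); assumed set for this example.
WILDCARDS = {"*", "0.0.0.0", "::"}

def parse_address(addr):
    """Split one D-Bus address 'transport:k=v,k=v' into (transport, params)."""
    transport, _, rest = addr.strip().partition(":")
    params = {}
    for kv in rest.split(","):
        key, sep, value = kv.partition("=")
        if sep:
            params[key] = unquote(value)  # values may be %-escaped
    return transport, params

def audit(xml_text):
    """Return sorted finding names for a dbus-daemon configuration."""
    root = ET.fromstring(xml_text)
    findings = set()
    for listen in root.iter("listen"):
        for addr in (listen.text or "").split(";"):
            transport, params = parse_address(addr)
            if transport not in ("tcp", "nonce-tcp"):
                continue
            findings.add("tcp-listener")  # item 1
            # Per the D-Bus spec, 'bind' defaults to the value of 'host'.
            if params.get("bind", params.get("host")) in WILDCARDS:
                findings.add("tcp-all-interfaces")  # item 1a
    if any((a.text or "").strip() == "ANONYMOUS" for a in root.iter("auth")):
        findings.add("auth-anonymous")  # item 2
    if root.find("allow_anonymous") is not None:
        findings.add("allow-anonymous")  # item 2
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_BAD):
        print(finding)
```

The check reads a single file and does not follow include directives; items 3 and 4 concern the service's own code and cannot be seen from the bus configuration.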


