Advanced Driver Assistance Systems (ADASs) are crucial components of intelligent vehicles, equipped with a vast code base. To enhance the security of ADASs, it is essential to mine their vulnerabilities and corresponding exploitation methods. However, mining buffer overflow (BOF) vulnerabilities in ADASs can be challenging since their code and data are not publicly available. In this study, we observed that ADAS devices commonly utilize unencrypted protocols for module communication, providing us with an opportunity to locate input stream and buffer data operations more efficiently. Based on the above observation, we proposed a communication-traffic-assisted ADAS BOF vulnerability mining and exploitation method. Our method includes firmware extraction, a firmware and system analysis, the locating of risk points with communication traffic, validation, and exploitation. To demonstrate the effectiveness of our proposed method, we applied our method to several commercial ADAS devices and successfully mined BOF vulnerabilities. By exploiting these vulnerabilities, we executed the corresponding commands and mapped the attack to the physical world, showing the severity of these vulnerabilities.
