The FBI Warns That Car Hacking Is a Real Risk | WIRED

It’s been eight months since a pair of security researchers proved beyond any doubt that car hacking is more than an action movie plot device when they remotely killed the transmission of a 2014 Jeep Cherokee (news also noted in this blog). Now the FBI has caught up with that news, and it’s warning Americans to take the risk of vehicular cybersabotage seriously.

The FBI Warns That Car Hacking Is a Real Risk article at http://www.wired.com/2016/03/fbi-warns-car-hacking-real-risk/ tells that in a public service announcement issued together with the Department of Transportation and the National Highway Traffic and Safety Administration, the FBI on Thursday released a warning to drivers about the threat of over-the-internet attacks on cars and trucks.

We are really entering the era of Internet of Exploits.

The FBI and DOT’s advice includes keeping automotive software up to date and staying aware of any possible recalls that require manual security patches to your car’s code. You should also avoid any unauthorized changes to a vehicle’s software and being careful about plugging insecure gadgets into the car’s network.

 

156 Comments

  1. Tomi Engdahl says:

    Hacker Claims He Can ‘Turn Off 25,000 Cars’ At The Push Of A Button
    https://www.forbes.com/sites/thomasbrewster/2019/08/25/hacker-claims-he-can-immobilize-25000-cars-at-the-push-of-a-button/

    Hackers found a way to take over 25,000 car immobilizers and lock down all of them at once.

    Your car’s immobilizer is supposed to be used for good. If a crook steals your car, it’s possible for you to connect to the immobilizer, which tracks the vehicle and allows you to stop anyone from turning on the engine. But with one particular immobilizer – the U.K.-made SmarTrack tool from Global Telemetrics – an easy-to-hack vulnerability meant it was simple for researchers at Pen Test Partners to turn on the immobilizer permanently, without the customer knowing a thing.

    Reply
  2. Tomi Engdahl says:

    Ian Tabor has created a couple of small, open-source adapter boards so you can get microcontrollers talking with your car! At DEFCON, he generously gave us both versions – for Arduino Nano and ESP32. See below for directions on making and using these, as well as Ian’s excellent blog about his own projects.

    // https://mintynet.com
    // https://github.com/mintynet/nano-can
    // https://github.com/mintynet/esp32-slcan
    // https://twitter.com/mintynet

    Reply
  3. Tomi Engdahl says:

    Keeping Hackers Out of Connected Cars
    https://www.designnews.com/electronics-test/keeping-hackers-out-connected-cars/7386634661309?ADTRK=InformaMarkets&elq_mid=9699&elq_cid=876648

    The auto industry is scrambling to catch up with the fast pace of innovation and find a security approach that will prevent attacks, save lives, protect personal data

    Reply
  4. Tomi Engdahl says:

    A woman’s stalker used an app that allowed him to stop, start and track her car
    https://www.washingtonpost.com/technology/2019/11/06/womans-stalker-used-an-app-that-allowed-him-stop-start-track-her-car/

    In the Australia case, which resulted in the 38-year-old man pleading guilty to stalking charges in the Hobart Magistrates Court, he tracked the woman’s phone location using spyware, for which he paid a monthly fee, ABC reported. Though disturbing, that method of surveillance is relatively widespread, according to a Motherboard report on the “stalkerware surveillance market” that put the number of victims in the tens of thousands.

    But the man also used an app that integrated with the woman’s Land Rover. He helped her purchase it when the two were together, which gave him access to the car’s registration information, allowing him to set up the app. ABC did not identify the app, but its functions are similar to Land Rover’s “InControl” app, which allows car owners to start their vehicles remotely, adjust temperatures and track their locations.

    Reply
  5. Tomi Engdahl says:

    NVIDIA Patches Severe Flaws in Mercedes Infotainment System Chips
    https://www.bleepingcomputer.com/news/security/nvidia-patches-severe-flaws-in-mercedes-infotainment-system-chips/
    NVIDIA released security updates for six high severity vulnerabilities
    found in the Tegra Linux Driver Package (L4T) for Jetson AGX Xavier,
    TK1, TX1, TX2, and Nano chips used in Mercedes-Benz’s MBUX
    infotainment system and Bosch self-driving computer systems. The chips
    affected by these flaws are also used in HP and Acer Chromebooks

    Reply
  6. Tomi Engdahl says:

    BMW and Hyundai hacked by Vietnamese hackers, report claims
    https://www.zdnet.com/article/bmw-and-hyundai-hacked-by-vietnamese-hackers-report-claims/
    Hacks linked to Ocean Lotus (APT32), a group believed to operate with
    orders from the Vietnamese government. German media is reporting that
    hackers suspected to have ties to the Vietnamese government have
    breached the networks of two car manufacturers, namely BMW and
    Hyundai. The report, coming from Bayerischer Rundfunk (BR) and
    Taggesschau (TS), claims that hackers breached the network of a BMW
    branch sometime this spring. Read also (in German):
    https://www.tagesschau.de/investigativ/br-recherche/bmw-hacker-101.html
    and
    https://www.br.de/nachrichten/wirtschaft/fr-autoindustrie-im-visier-von-hackern-bmw-ausgespaeht,
    RjnLkD4

    Reply
  7. Tomi Engdahl says:

    Connected Car Security Is a New Kind of Mobile Security Risk
    https://securityintelligence.com/articles/connected-car-security-is-a-new-kind-of-mobile-security-risk/
    Earlier this year, we published a piece about the need for a
    cybersecurity wake-up call in the automotive industry. The focal point
    of the story was a report on the industry by Synopsys that brought up
    critical red flags for all organizations operating within the
    automotive supply chain.. Fast forward to just over half a year later
    (an eternity in the tech world), and there appears to be more cause
    for optimism.

    Reply
  8. Tomi Engdahl says:

    Automotive cybersecurity incidents doubled in 2019, up 605% since 2016
    https://www.helpnetsecurity.com/2020/01/06/automotive-cybersecurity-incidents/
    Upstream Securitys 2020 Automotive Cybersecurity Report shares
    in-depth insights and statistics gleaned from analyzing 367 publicly
    reported automotive cyber incidents spanning the past decade,
    highlighting vulnerabilities and insights identified during 2019

    Reply
  9. Tomi Engdahl says:

    Attacking Driverless Cars with Projected Images
    https://www.schneier.com/blog/archives/2020/02/attacking_drive.html
    Interesting research — “Phantom Attacks Against Advanced Driving
    Assistance Systems”:. Read also: https://www.nassiben.com/phantoms

    Reply
  10. Tomi Engdahl says:

    Modern vehicles are rightfully termed as “software on wheels”. They are increasingly connected, with growing numbers of entry points and highly sophisticated internal networks controlling critical functions. With increased E/E and software complexity, a multi-fold increase in cyber-security incidents has also been observed. These internet-based threats include packets with malicious connection states, contents or sources, and denial of service (DoS) attacks. That calls for a multilayered approach to ensure vehicle security as well as overall vehicle safety and reliability.

    Reply
  11. Tomi Engdahl says:

    The Jailbreaker Enzo is a CAN-bus ECU module that re-calculates and changes CAN-bus traffic by request/response logic, giving your Uconnect features not enabled from factory. http://www.customtronix.com/webshop/jailbreaker-enzo/

    Reply
  12. Tomi Engdahl says:

    Meet the Guy Selling Wireless Tech to Steal Luxury Cars in Seconds
    https://www.vice.com/en_us/article/7kz48x/guy-selling-relay-attack-keyless-repeaters-to-steal-cars

    Motherboard obtained a video of a so-called relay attack from EvanConnect, who sells keyless repeaters that can be used to break into and steal luxury cars

    Reply
  13. Tomi Engdahl says:

    Hackers can trick a Tesla into accelerating by 50 miles per hour
    https://www.technologyreview.com/s/615244/hackers-can-trick-a-tesla-into-accelerating-by-50-miles-per-hour/
    The researchers stuck a tiny and nearly imperceptible sticker on a
    speed limit sign. The camera read the sign as 85 instead of 35, and in
    testing, both the 2016 Tesla Model X and that years Model S sped up 50
    miles per hour.. Also
    https://www.mcafee.com/blogs/other-blogs/mcafee-labs/model-hacking-adas-to-pave-safer-roads-for-autonomous-vehicles/

    Reply
  14. Tomi Engdahl says:

    People Are Jailbreaking Used Teslas to Get the Features They Expect
    https://www.vice.com/en_us/article/y3mb3w/people-are-jailbreaking-used-teslas-to-get-the-features-they-expect
    People have certain expectations when they buy a car. For example,
    they expect it to work for years afterwards needing only basic
    maintenance. They also expect that the purchase price includes
    ownership of not only the physical car itself but all the software
    that runs it.. Tesla doesnt agree. But that doesnt mean Tesla owners
    are helpless. Sadow and others have ways to push back against Tesla by
    jailbreaking the cars and getting the features owners feel are
    rightfully theirs.

    Reply
  15. Tomi Engdahl says:

    Andy Greenberg / Wired:
    Researchers discover flaws in immobilizer encryption systems used in some Toyota, Hyundai, and Kia keys, letting attackers gain access with inexpensive hardware

    Hackers Can Clone Millions of Toyota, Hyundai, and Kia Keys
    Encryption flaws in a common anti-theft feature expose vehicles from major manufacturers.
    https://www.wired.com/story/hackers-can-clone-millions-of-toyota-hyundai-kia-keys/

    Reply
  16. Tomi Engdahl says:

    Matthew Dowsett Seeks Crowdfunding for the Sparkdog PF-DI Engine Management Expansion Board
    https://www.hackster.io/news/matthew-dowsett-seeks-crowdfunding-for-the-sparkdog-pf-di-engine-management-expansion-board-7d89b315fff9

    Designed for both standalone use and as an expansion to DIY ECU projects, the Sparkdog includes Arduino and Teensy headers.

    Reply
  17. Tomi Engdahl says:

    Vulnerabilities Expose Lexus, Toyota Cars to Hacker Attacks
    https://www.securityweek.com/vulnerabilities-expose-lexus-toyota-cars-hacker-attacks

    Vulnerabilities in Lexus and Toyota cars could be exploited by hackers to launch remote attacks against affected vehicles, researchers at China-based Tencent Keen Security Lab discovered.

    Research into the AVN (Audio, Visual and Navigation) system in the 2017 Lexus NX300 — the same system is also used in other models, including LS and ES series — has revealed security issues with the Bluetooth and vehicular diagnosis functions on the car.

    According to Keen Security Lab, these flaws could be abused to compromise the AVN and internal CAN network and related electronic control units (ECUs).

    Furthermore, the researchers said they were able to wirelessly take control of the AVN unit without user interaction, then inject malicious CAN messages to cause the car to perform “physical actions.”

    Reply
  18. Tomi Engdahl says:

    CVE-2020-10558 | Tesla Model 3 Vulnerability – Disable Autopilot Notifications, Speedometer, Web Browser, Climate Controls, Turn Signals, Nav, etc.

    https://safekeepsecurity.com/about/cve-2020-10558/

    Reply
  19. Tomi Engdahl says:

    Automotive Cybersecurity Hacks Made Easy
    Low-tech thieves can still hack car key fobs with easy to get hardware-software and poorly developed policies for on-board diagnostic protocols.
    https://www.designnews.com/automotive-0/automotive-cybersecurity-hacks-made-easy/149141824262480?ADTRK=InformaMarkets&elq_mid=12864&elq_cid=876648

    Key Takeaways:

    Sniffing and jamming of automotive RF signals a growing security problem
    Automotive wireless key entry systems remain vulnerable to easy-to-get hacking technology
    Security standards should not be open for general use regardless of labor policies

    Not that long ago, while attending a technical conference in San Francisco, my colleague’s high-end BMW was broken into by a cyberattacker. There was no damage to the car but both of our laptops (secured in the trunk) were stolen. From that point on, automotive wireless security issues became a real concern for me.

    How did the break-in occur? With great ease, according to several recent news stories. Using a $30 tool developed by hackers to “pwn’ the onboard security systems, unskilled criminals can easily open and steal high-end cars. “Pwn” is an Internet slang for “own” as in conquering or stealing to gain ownership. With the $30 tool from China, criminals are able to reprogram a blank car key fob that allows these non-techie thieves to steal a vehicle within two or three minutes. And it’s not just China questionable tech. A careful Internet search reveals a certain cipher development kit offered by a leading US company. One hopes its primary use is to develop ways to defend against ongoing hacks.

    Part of the problem is automotive on-board diagnostics (OBD) bypass tools available via shipment from China and Eastern Europe. Potential car thieves need only intercept the wireless transmission between a valid key fob and a car before reprogramming a blank key. With the new key/fob in hand, the criminals can then either open the car or start it, via the OBD system and protocols.

    RF and wireless sniffers and jamming products are readily available on the Internet.

    RF jammers exist for every type of wireless protocol from GPS, Wi-Fi and Bluetooth to mobile phones. Why jam signals from within your car? One reason would be to hide any GPS tracking data that is being sent out about the location of your car’s journey. Cell phone transmissions can also be jammed. Further, such jammers could be used against near-by vehicles depending upon their proximity, the jammer’s transmitter power strength and the target receiver’s architecture (i.e., the vehicle being jammed).

    Detecting the presence of a jammer is key in mitigating the issue since it is very difficult to jam the jammer. Technically savvy car owners can use spectrum analyzers to measure average energy changes in the car fob’s locking spectrum. Detecting a jamming scenario lets the car owner know that danger is present. The technology is now so prolific that a quick search on the Internet will reveal instructions on how exactly to hack a car’s key fob in surprising detail.

    Concerning policy challenges, it must be understood that OBD readers are readily available for legitimate purposes to car repair and after-market shops. One problem is that the OBD data needs to be open to such third-party garages to satisfy the European free trade federation’s rules on open competition in the automotive trade business.

    This means that both technology and well-intended but ill-conceived foreign market labor policies enable cybercrime in a global economy. It is a systemic problem that will need close cooperation between high-tech security and software companies, OEMs, and policy makers in a variety of governments.

    Still, more could be done to improve the often-called weak cryptography of many wireless automotive key systems. Several standards have emerged that should help.

    The problem now extends beyond the vulnerabilities of wireless, keyless car locking systems. In late 2019, Motherboard reported that a hacker known only as L&M cracked more than 27,000 commercial car fleet accounts through GPS signals. The hacker could then track vehicles in a small number of foreign countries, including India and the Philippines, and shut down vehicle engines that were stopped or traveling 12 mph or slower, Motherboard reported.

    Reply
  20. Tomi Engdahl says:

    Consumer reviewer Which? finds CAN bus ports on Ford and VW, starts
    yelling ‘Security! We have a problem…’
    https://www.theregister.co.uk/2020/04/09/which_car_hacking_report/
    Modern connected cars contain security threats, consumer org Which?
    has said after commissioning analyses of two models, a Ford and a
    Volkswagen.

    Consumer reviewer Which? finds CAN bus ports on Ford and VW, starts yelling ‘Security! We have a problem…’
    Spoiler: It found a tyre pressure sensor and a Wi-Fi password

    Context found that “simply lifting the VW badge on the front of the car gave access to the front radar module, which could potentially allow a hacker to tamper with the collision-warning system.” That is, someone malicious could pull the radar sensor out.

    Meanwhile, Context’s bods were also probing the Ford’s CAN bus and items connected to it. Its IVI was “connected to three separate buses, including the powertrain,” which the researchers said “could potentially give access to engine controls.”

    Both cars’ wireless key locking systems were vulnerable to relay and replay attacks, a well-known problem gleefully exploited by car thieves and largely ignored by industry despite having been a known issue for years.

    Remarking on what the study did not appear to have looked at, Tabor commented: “There is no mention of the EU mandated E-Call system that could potentially be tracking the vehicle at all times?”

    Nonetheless, Context did say it had found what looked very much like a Ford factory Wi-Fi password saved in that car’s IVI, presumably from factory testing.

    Inevitably, Which”, which describes itself as a “consumer champion” demanded more “regulations” on CAN bus security to reduce what it claimed was “the risk, both to financial and to human life.” It is unclear exactly how Which? reached that conclusion, with its study not detailing any direct interference with safety-critical systems it was able to achieve. At most it was able to suggest that tyre pressure sensors could indicate a flat tyre was fully pumped up.

    Most drivers are probably capable of noticing if one or more tyres is flat or running on the wheel rim

    Reply
  21. Tomi Engdahl says:

    How to Stop Automotive Key-Fob Encryption Hacks
    https://www.electronicdesign.com/markets/automotive/article/21130290/how-to-stop-automotive-keyfob-encryption-hacks

    Even key fobs are the targets of cyberattacks, enabling hackers to steal your car—or worse. Prevention involves new crypto schemes, but only use those that are thoroughly vetted.

    Reply
  22. Tomi Engdahl says:

    How to Stop Automotive Key-Fob Encryption Hacks
    Even key fobs are the targets of cyberattacks, enabling hackers to steal your car—or worse. Prevention involves new crypto schemes, but only use those that are thoroughly vetted.
    https://www.electronicdesign.com/markets/automotive/article/21130290/how-to-stop-automotive-keyfob-encryption-hacks?utm_source=EG+ED+Auto+Electronics&utm_medium=email&utm_campaign=CPS200504049&o_eid=7211D2691390C9R&rdx.ident%5Bpull%5D=omeda%7C7211D2691390C9R&oly_enc_id=7211D2691390C9R

    Modern cars are essentially software on wheels—“smart” collections of automotive systems, including entertainment, braking, power, locks, window controls, and so on. As the number of electronic control units (ECUs) in vehicles explodes, so do the number of lines of code, presenting a rich field of opportunities for hackers.

    In turn, key fobs, the small hardware devices with built-in authentication used to control and secure access to the vehicle, have proven to be low-hanging fruit for cyber criminals looking to attack vehicle systems.

    As with other vehicle systems, key fobs are becoming increasingly complex, supporting an array of features. Key fobs not only unlock the vehicle and enable the ignition controls, but can be used to lower windows, open a sunroof, fold in mirrors, and set seat locations and radio channels. Tesla Model S and Model X key fobs can even be used to initiate automated parking and unparking sequences. Hit “Summon” on the key fob and your Tesla comes to you!

    Reply
  23. Tomi Engdahl says:

    Hacker buys old Tesla parts on eBay, finds them full of user data
    https://arstechnica.com/cars/2020/05/hacker-mines-passwords-locations-and-more-from-retired-tesla-infotainment-gear/
    Data can be retrieved even after owners perform a factory reset,
    researcher says. Examples included phonebooks from connected cell
    phones, call logs containing hundreds of entries, recent calendar
    entries, Spotify and W-Fi passwords stored in plaintext, locations for
    home, work, and all places navigated to, and session cookies that
    allowed access to Netflix and YouTube (and attached Gmail accounts).

    Reply
  24. Tomi Engdahl says:

    Macchina’s $28 ODB2 Breakout Board Aims to Simplify Automotive Hacking, Development
    https://www.hackster.io/news/macchina-s-28-odb2-breakout-board-aims-to-simplify-automotive-hacking-development-b57a2b544378

    Designed for easy sniffing, man-in-the-middle attacking, and emulation of ODB2 devices, the breakout is configured using jumper wires.

    Reply
  25. Tomi Engdahl says:

    CCTV video shows suspects using electronic method to steal cars in northeast Toronto
    https://toronto.citynews.ca/2020/07/14/toronto-northeast-vehicle-electronic-thefts/

    Toronto police are warning vehicle owners in the city’s northeast there’s been a rise in car thefts in the area — and that the suspects appear to be taking advantage of keyless remote technology.

    Police said the suspects are targetting newer vehicles that use keyless FOBs and are usually stolen from driveways in the middle of the night.

    “It is believed that thieves stand near the front door of a house, holding a device that captures the signal emitted from the keyless FOB,” police said on Tuesday. “This device is a radio frequency amplifier that will increase the signal range of the keyless FOB.”

    Reply
  26. Tomi Engdahl says:

    Black Hat 2020: Mercedes-Benz E-Series Rife with 19 Bugs
    https://threatpost.com/black-hat-19-flaws-connected-mercedes-benz-vehicles/158144/
    Researchers went into detail about the discovery and disclosure of 19
    security flaws they found in Mercedes-Benz vehicles, which have all
    been fixed.

    Reply
  27. Tomi Engdahl says:

    He says he could access any Tesla in the entire network — and even force it to move.

    A Hacker Reportedly Gained Access to Tesla’s Entire Fleet
    https://futurism.com/the-byte/hacker-reportedly-gained-access-teslas-entire-fleet

    A new Electrek story details the saga of Jason Hughes, a whitehat hacker who says he managed to gain a flabbergasting level of access to Tesla’s internal servers — managing to seize control of the company’s entire fleet of electric vehicles.

    The alleged hack took place back in March 2017, and Hughes immediately alerted Tesla’s security team, which quickly patched the security hole. Still, it’s a fascinating glimpse at the perils of connected vehicles.

    https://electrek.co/2020/08/27/tesla-hack-control-over-entire-fleet/

    After Tesla started to give customers access to more data about Supercharger stations, mainly the ability to see how many chargers were currently available at a specific charging station through its navigation app, Hughes decided to poke around and see if he could expose the data.

    He told Electrek:

    “I found a hole in the server-side of that mechanism that allowed me to basically get data for every Supercharger worldwide about once every few minutes.”

    The hacker shared the data on the Tesla Motors Club forum, and the automaker seemingly wasn’t happy about it.

    Someone who appeared to be working at Tesla posted anonymously about how they didn’t want the data out there.

    Hughes couldn’t really send Tesla cars driving around everywhere like Tesla’s CEO described in a strange scenario few months later, but he could “Summon” them.

    In 2016, Tesla released its Summon feature, which enables Tesla owners to remotely move their cars forward or backward a few dozen feet without anyone in them.

    While on the phone, Hughes then asked Sigel to give him the VIN number of the Tesla vehicle closest to him. The hacker proceeded to “summon” the car, which was in California, from his home in North Carolina.

    At which point Hughes jokingly said that this bug report should be worth a brand new Tesla.

    He didn’t end up getting a new Tesla, but the automaker awarded him a special $50,000 bug report reward — several times higher than the max official bug reward limit

    Tesla used the information provided by Hughes to secure its network.

    That Friday, they ended up working overnight and managed to fix the main bug in Mothership within a few hours.

    After a few days, they fixed the entire bug chain the hacker exploited to remotely gain control of Tesla’s entire fleet.

    Reply
  28. Tomi Engdahl says:

    Elon Musk: “In principle, if someone was able to say hack all the autonomous Teslas, they could say – I mean just as a prank – they could say ‘send them all to Rhode Island’ [laugh] – across the United States… and that would be the end of Tesla and there would be a lot of angry people in Rhode Island.”

    https://electrek.co/2020/08/27/tesla-hack-control-over-entire-fleet/

    Reply
  29. Tomi Engdahl says:

    Tesla Can Detect Aftermarket Hacks Designed to Defeat EV Performance Paywalls
    You wouldn’t download a car—but would you download a quicker 0-60 mph time?
    https://www.thedrive.com/news/35946/tesla-can-detect-aftermarket-hacks-designed-to-defeat-ev-performance-paywalls

    Reply
  30. Tomi Engdahl says:

    Exploring this Nissan infotainment system lead to a simple hack to get root access.

    https://hackaday.com/2021/01/30/nissan-gives-up-root-shell-thanks-to-hacked-usb-drive/

    Reply
  31. Tomi Engdahl says:

    April 29 presentation at the virtual CanSecWest security conference, the daring duo described the manner they went about hacking a Tesla Model X from a hovering DJI Mavic 2.

    German pilots film their drone hack of a Tesla
    https://dronedj.com/2021/04/30/german-pilots-film-their-drone-hack-of-a-tesla/

    It’s well known short traders are atop the many, many things Tesla honcho Elon Musk hates in this world. But it’s a safe bet mischievous drone geeks now populate that list ­– especially after a pair of pilots hacked one of his luxury rides open from the air.

    They said multiple test runs using a Wi-Fi dongle allowed them to compromise the car’s command system in three minutes or less. They demonstrated their exploit with elevated footage of an empty blue Tesla obediently flapping its doors open and shut on command.

    Reply
  32. Tomi Engdahl says:

    Tesla Car Hacked Remotely From Drone via Zero-Click Exploit
    https://www.securityweek.com/tesla-car-hacked-remotely-drone-zero-click-exploit

    Two researchers have shown how a Tesla — and possibly other cars — can be hacked remotely without any user interaction. They carried out the attack from a drone.

    This was the result of research conducted last year by Ralf-Philipp Weinmann of Kunnamon and Benedikt Schmotzle of Comsecuris. The analysis was initially carried out for the Pwn2Own 2020 hacking competition — the contest offered a car and other significant prizes for hacking a Tesla — but the findings were later reported to Tesla through its bug bounty program after Pwn2Own organizers decided to temporarily eliminate the automotive category due to the coronavirus pandemic.

    The attack, dubbed TBONE, involves exploitation of two vulnerabilities affecting ConnMan, an internet connection manager for embedded devices. An attacker can exploit these flaws to take full control of the infotainment system of a Tesla without any user interaction.

    Reply
  33. Tomi Engdahl says:

    Researchers Find Exploitable Bugs in Mercedes-Benz Cars
    https://www.securityweek.com/researchers-find-exploitable-bugs-mercedes-benz-cars

    Following an eight-month audit of the code in the latest infotainment system in Mercedes-Benz cars, security researchers with Tencent Security Keen Lab identified five vulnerabilities, four of which could be exploited for remote code execution.

    The vulnerabilities were found in the Mercedes-Benz User Experience (MBUX), the infotainment system initially introduced on A-class vehicles in 2018, but has since been adopted on the car maker’s entire vehicle line-up.

    The vulnerabilities, tracked as CVE-2021-23906, CVE-2021-23907, CVE-2021-23908, CVE-2021-23909, and CVE-2021-23910, provides hackers with remote control of some of the car’s functions, but not with access to physical features, such as steering or braking systems.

    In addition to targeting the main infotainment head unit, the security researchers also analyzed Mercedes-Benz’s T-Box, successfully exploited some of the identified attack scenarios, and even combined some of them to compromise the head unit even in real-world vehicles.

    Reply
  34. Tomi Engdahl says:

    Mercedes Benz MBUX security research report https://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf
    This report showed how we performed our security research on MercedesBenzs newest infotainment system, MBUX. . we demonstrated what the attacked could do [...] for two attack scenarios, the removed head units and the real-world vehicles [... to ...] send arbitrary CAN messages on T-Box and how to bypass the code signing mechanism to flash a custom SH2A MCU firmware

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*