Various vulnerabilities in many automakers allow hackers, among other things, to control emergency vehicles

Modern cars contain more and more electronics and rely on them ever more heavily, and that can be a problem. According to security researcher Sam Curry, numerous vulnerabilities in the electronic systems of new cars could already allow attackers to remotely track, and in some cases even control, such cars. Worse, the affected vehicles include those of various emergency services.

The weak link in this case is the Spireon Systems website. This company manages GPS data and other telematics for more than 15 million devices, most of which are cars, including police cars and rescue vehicles in the United States.

The problem is that the Spireon Systems website is outdated and lacks modern security controls. The vulnerabilities can allow attackers not only to track cars, but also to unlock them, start engines, send navigation commands, and so on.

In addition, the security researchers were able to access the corporate systems of BMW, Mercedes Benz and Rolls Royce. These are different vulnerabilities: they do not give control over a vehicle, but they do give access to confidential data. Security holes in Ferrari’s websites also allow access to administrative privileges and the removal of all customer information.

Digital license plates are another affected area. It turned out that Californians are exposed to hackers because of security problems at Reviver, the company that handles such plates in the state.

Curry also shared data on which manufacturers have which security problems at the moment.

Kia, Honda, Infiniti, Nissan, Acura:

  • Fully remote lock, unlock, engine start, engine stop, pinpoint location, flash headlights and signal vehicles using only the VIN.
  • Fully remote account takeover and PII disclosure via the VIN (name, phone number, email address, physical address)
  • Ability to block users from remote control of their vehicle and to change ownership
  • For Kia, remote access to the 360-degree camera.

Mercedes Benz:

  • Access to hundreds of mission-critical internal applications via misconfigured SSO, including multiple GitHub instances behind SSO, the company-wide internal chat with the ability to join virtually any channel, internal cloud deployment services for managing AWS instances, and internal vehicle-related APIs
  • Remote code execution on multiple systems
  • Memory leaks leading to the disclosure of personal data of employees/customers, account access

Hyundai Genesis:

  • Completely remote lock, unlock, start engine, stop engine, pinpoint location, flash headlights and alarm vehicles using just the victim’s email address.
  • Completely remote account takeover and PII disclosure via victim’s email address (name, phone number, email address, physical address)
  • Ability to block users from remote control of their vehicle, change ownership

BMW, Rolls Royce:

  • Core company-wide SSO vulnerabilities that allowed the researchers to access any employee application as any employee, including internal dealer portals where any VIN can be queried to retrieve BMW sales documents. Any application locked behind single sign-on could also be accessed on behalf of any employee, including applications used by remote workers and dealerships.

Ferrari:

  • Full account takeover with zero interaction for any Ferrari customer account
  • IDOR to access all Ferrari customer records
  • Lack of access control allowing an attacker to create, modify, delete employee “back office” administrator accounts and all user accounts with the ability to modify Ferrari-owned web pages through the CMS system.
  • Ability to add HTTP routes to api.ferrari.com (rest-connectors) and view all existing rest-connectors and their associated secrets (authorization headers)

Ford:

  • Full memory disclosure on the stock vehicle Telematics API, exposing client PII and access tokens for tracking and executing commands on vehicles
  • Disclosure of configuration credentials used for internal services related to Telematics.
  • Ability to authenticate with a customer account and access all personal information and perform actions on vehicles.
  • Customer account takeover via improper URL parsing, giving the attacker full access to the victim’s account, including the car’s portal.

Toyota:

  • IDOR at Toyota Financial, which discloses the name, phone number, email address, and credit status of any Toyota financial customers.

And this is not the full list of affected companies.

Curry’s team informed all companies about the problems in advance, and some of them have already solved them.
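
Several of the findings above (vehicle commands accepted with only a VIN, IDOR on customer records) come down to a server acting on an identifier without checking who is asking. The sketch below is an example added here, not code from any of the affected vendors; the handler names, accounts and VINs are hypothetical, constructed sample data. It puts the weak pattern beside the ownership check that closes it.

```python
"""Constructed example: object-level authorization for a telematics API.
All names, accounts and VINs are hypothetical sample data."""
from dataclasses import dataclass

# Constructed sample data: which account owns which vehicle.
OWNERS = {
    "1HGCM82633A004352": "alice@example.com",
    "5YJSA1E26HF000337": "bob@example.com",
}
ALLOWED_COMMANDS = {"lock", "unlock", "start", "stop", "locate"}


@dataclass
class Session:
    """An authenticated session; `account` is set by the login layer."""
    account: str


class Forbidden(Exception):
    pass


def command_vin_only(vin: str, command: str) -> str:
    """Weak pattern: the VIN alone selects AND authorizes the target.
    A VIN is an identifier visible on the car, not a secret."""
    if vin in OWNERS and command in ALLOWED_COMMANDS:
        return f"{command} sent to {vin}"
    raise Forbidden("unknown vehicle or command")


def command_authorized(session: Session, vin: str, command: str) -> str:
    """Hardened pattern: the server checks that the session's account
    owns the VIN before acting on it."""
    if command not in ALLOWED_COMMANDS:
        raise Forbidden("unknown command")
    # Same error for "not yours" and "does not exist" to avoid VIN probing.
    if OWNERS.get(vin) != session.account:
        raise Forbidden("vehicle not available to this account")
    return f"{command} sent to {vin}"


def try_command(session: Session, vin: str, command: str) -> bool:
    """Return True if the hardened handler accepts the request."""
    try:
        command_authorized(session, vin, command)
        return True
    except Forbidden:
        return False
```

The same check applies to record lookups: the object ID in the request only selects a record, and the session decides whether it may be returned.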

Huawei is already testing its third car. Crossover Aito M9 will be larger than Land Cruiser 300

In China, spy photos have revealed a new Huawei crossover, the Aito M9. This is the first time the car has been spotted on the road; nothing had been reported about it before. According to preliminary data, the Aito M9 will be a luxury SUV with a price of about 73 thousand dollars, and its main competitor in China will be the Li Auto L9, the best car in China last year.

Huawei already has a large 6-seat crossover, the Aito M7; the new model will be larger and longer than the Land Cruiser 300. The Aito M9 is expected to receive Huawei’s most advanced autonomous driving system (probably L3 or L3+ level) and will premiere in September-October. Perhaps the Aito M9 will be presented on the same stage as Huawei’s flagship phones of the Mate 60 line (the Aito M7 was presented on the same stage as the Huawei nova 10).

Recall that at the moment Huawei has hybrids Aito M5 and Aito M5, as well as a pure electric car Aito M5 EV. Formally, the Aito M9 will be the fourth model of Huawei, in fact it will be the third car, since the Aito M5 EV is just a version of the Aito M5.

Audi Activesphere unveiled with adjustable suspension, 600 km range, AR glasses and pickup capability

Audi has unveiled the Audi Activesphere concept car, which is designed for off-road driving.

It has a protected underbody, height-adjustable suspension and convenient ways to transport sports equipment. The rear section can turn into a loading area, where you can place, for example, bicycles. That is, the crossover can be used as a pickup truck.

It will get a spacious interior where you can relax when the car is in self-driving mode. The interior fully reflects Audi’s confidence in augmented reality. Passengers will be able to wear augmented reality glasses, which will provide access to the controls of the infotainment system and the virtual assistant. There will be no usual screens, while the glasses will be able to track the indicators of your body.

If the driver wants to take control, the instrument panel and steering wheel will rise into place. Audi clearly expects drivers to take control only when leaving the road.

Audi claims a range of around 600 km and 270 kW fast charging using an 800 V architecture. According to the developers, the 100 kWh battery will be able to charge from 5 to 80% in 25 minutes.

It is the fourth model in Audi’s electric concept lineup. In August 2021, the company launched this initiative with the Skysphere roadster, and a month later introduced the Grandsphere sedan. Last year’s Urbansphere was called the SUV for the cities of the future, where your car will be not only a means of transportation, but also an office (or a refuge from the outside world).

“They work harder than everyone and smarter than everyone,” Elon Musk said that it is the Chinese company that will be the second after Tesla in the electric car market

Elon Musk sees Tesla’s biggest competition in China, home to a company he expects is “likely to be second” in the electric car market behind Tesla.

When asked about Tesla’s competitors, Elon Musk replied that he respects car companies in China, calling it the most competitive market in the world. Musk did not name any specific Chinese automaker.

They work harder than everyone and smarter than everyone. So, we are guessing that there is probably some company from China that will most likely be second only to Tesla. Our team wins in China. And I think that we can really attract the best people in China. So hopefully this will continue.

Elon Musk

China is Tesla’s second largest market. This country accounted for about two-thirds of all electric vehicle sales in the world in 2022. Tesla’s largest factory is also located in China. There are many EV competitors in this market, including Xpeng, Nio, BYD. Xiaomi will enter the market soon.

Elon Musk said the recent sharp decline in car prices has spurred demand and that the company is cutting spending to grow amid the recession Musk expects this year.
