    API Vulnerabilities Uncovered in 16 Major Car Brands

    By Admincrypt | January 9, 2023 | 3 Mins Read

    Jan 09, 2023Ravie LakshmananAutomotive Security

    Multiple bugs affecting millions of vehicles from 16 different manufacturers could be abused to unlock, start, and track cars, plus impact the privacy of car owners.

    The security vulnerabilities were found in the automotive APIs powering Acura, BMW, Ferrari, Ford, Genesis, Honda, Hyundai, Infiniti, Jaguar, Kia, Land Rover, Mercedes-Benz, Nissan, Porsche, Rolls Royce, and Toyota, as well as in software from Reviver, SiriusXM, and Spireon.

    The flaws run a wide gamut, ranging from those that give access to internal company systems and user information to weaknesses that would allow an attacker to remotely send commands to achieve code execution.

    The research builds on earlier findings from late last year, when Yuga Labs researcher Sam Curry et al. detailed security flaws in a connected vehicle service provided by SiriusXM that could potentially put cars at risk of remote attacks.

    The most serious of the issues, which concern Spireon’s telematics solution, could have been exploited to gain full administrative access, enabling an adversary to issue arbitrary commands to about 15.5 million vehicles as well as update device firmware.

    “This would’ve allowed us to track and shut off starters for police, ambulances, and law enforcement vehicles for a number of different large cities and dispatch commands to those vehicles,” the researchers said.

    Vulnerabilities identified in Mercedes-Benz could grant access to internal applications via an improperly configured single sign-on (SSO) authentication scheme, while others could permit user account takeover and disclosure of sensitive information.

    Other flaws make it possible to access or modify customer records, internal dealer portals, track vehicle GPS locations in real time, manage the license plate data for all Reviver customers, and even update vehicle status as “stolen.”

    While all the security vulnerabilities have since been fixed by the respective manufacturers following responsible disclosure, the findings highlight the need for a defense-in-depth strategy to contain threats and mitigate risk.

    “If an attacker were able to find vulnerabilities in the API endpoints that vehicle telematics systems used, they could honk the horn, flash the lights, remotely track, lock/unlock, and start/stop vehicles, completely remotely,” the researchers noted.

    “The interconnectedness of our devices is making securing cars more challenging — as exemplified by cyberattacks on cars increasing by 225% in the last three years, with 84.5% of these attacks executed remotely,” Sandeep Singh, senior manager of technical services at HackerOne, said in a statement, explaining the uptick in automotive hacks and the need for collaborating with the ethical hacking community.

    “As the technology of automobiles becomes more advanced, so does the complexity of their intelligent software systems,” Singh further added. “Identifying the software supply chain vulnerabilities caused by ‘smart’ features requires deep knowledge of software and hardware systems and an understanding of the custom protocols that are specific to connected vehicles and automotive systems.”
