September 27, 2024 at 07:03AM Security researcher Sam Curry discovered vulnerabilities in a Kia owners’ website that could have enabled attackers to remotely control millions of cars. The issues allowed for harvesting personal information and creating a second user account without the owner’s knowledge. Kia acknowledged the flaws in June 2024 and implemented a fix … Read more
September 26, 2024 at 12:06PM Researchers disclosed vulnerabilities in Kia vehicles allowing remote control and access to sensitive information by exploiting the dealership infrastructure. Impacting vehicles made after 2013, attackers could add themselves as “invisible” users, track and send commands to the vehicle discreetly. The flaws were patched by Kia in August 2024 following responsible … Read more
September 23, 2024 at 10:00AM The Commerce Department plans to ban the sale of connected and autonomous vehicles in the U.S. equipped with Chinese and Russian software and hardware by 2027-2030, citing national security concerns. This preemptive measure aims to protect against potential threats of data exposure and external control of vehicles, with implications for … Read more
June 21, 2024 at 04:28PM VicOne, an automotive cybersecurity solutions leader, announced the availability of its xNexus and xZETA solutions in AWS Marketplace. These solutions, designed to secure the automotive software supply chain, offer zero-day threat intelligence and actionable insights. VicOne’s CEO, Max Cheng, noted the significance of the listing and the benefits it brings … Read more
March 13, 2024 at 04:01PM Automobile manufacturers are transforming vehicles into next-gen application platforms, offering “software-defined” features. This enhances safety and offers conveniences like remote disablement but increases cybersecurity risks. Vulnerabilities include physical risks, theft, DDoS, and data privacy concerns. While security efforts show improvement, manufacturers need to prioritize security controls, secure development processes, and … Read more
February 9, 2024 at 02:23PM The Canadian government plans to ban the Flipper Zero and similar devices due to concerns about their potential use by thieves to steal cars. Despite the company’s claims that the device cannot be used to steal modern cars, Canadian authorities are taking steps to prohibit the importation, sale, and use … Read more
January 25, 2024 at 03:52PM Researchers at Pwn2Own 2024 in Tokyo compromised multiple electric vehicle chargers, operating systems, and Tesla components, uncovering numerous zero-day vulnerabilities. They earned $722,500 in winnings on the first day alone. Synacktiv’s notable achievements include exploits of various EV charging stations and Tesla systems, highlighting the growing complexity and security concerns … Read more