From Pwn2Own Automotive: More Stack-Based Buffer Overflow Vulnerabilities in Autel MaxiCharger
October 14, 2024We examine two more Autel MaxiCharger vulnerabilities discovered at Pwn2Own Automotive 2024: CVE-2024-23967 and CVE-2024-23957. Both are classified as a stack-based buffer overflow, a classic yet avoidable programming error that could lead to remote code execution.
CyberThreat Research LabHow Authentication and API Vulnerabilities Undermine Fleet Management Systems
October 10, 2024Weak authentication and API vulnerabilities expose sensitive fleet data to risks. We explore key security measures, including encryption and API protection, to safeguard fleet management and EV systems.
CyberThreat Research LabNow-Patched Kia Vulnerabilities Could Have Allowed Remote Control Using Only a License Plate Number
September 30, 2024A set of vulnerabilities in Kia vehicles could have allowed remote access to critical functions and personal information using only a license plate number, potentially exposing owners to unauthorized control and data theft. Although these vulnerabilities have been fixed, they underscore the need for stronger cybersecurity measures among OEMs.
CyberThreat Research LabRev Up for Pwn2Own Automotive 2025: Here Are the Contest Rules and Targets
September 25, 2024Pwn2Own Automotive is set to make a triumphant return at the Automotive World conference in Tokyo, Japan, in January 2025. We outline the rules and targets for the second edition of this hugely successful automotive-focused ethical hacking competition.
VicOneNavigating the New US Rule on Connected Vehicle Technologies From ‘Countries of Concern’
September 24, 2024The US government is proposing a new rule to ban automotive technologies from countries like China and Russia. We explore how this rule could impact manufacturers and suppliers, and what’s at stake for the future of connected vehicles.
VicOneAutomotive CTF 2024: Top Teams From Japan Advance to Global Finals in Detroit
September 23, 2024The inaugural Automotive CTF Japan raced to a thrilling finish, with the top two teams headed to the global finals in Detroit in October.
VicOneFrom Pwn2Own Automotive: A Stack-Based Buffer Overflow Vulnerability in JuiceBox 40 Smart EV Charging Station
September 18, 2024We examine CVE-2024-23938, a JuiceBox 40 smart EV charging station vulnerability discovered at Pwn2Own Automotive, and discuss its broader implications for the automotive industry.
CyberThreat Research LabRisk-Proof Smart Logistics: The Path to UN R155 Certification and Sustainable, Driverless Solutions
September 10, 2024UD Trucks has partnered with VicOne to enhance cybersecurity in its software-defined vehicles (SDVs) and ensure compliance with UN Regulation No. 155 (UN R155), addressing the growing risks in smart logistics. UD Trucks is strengthening its security operations and accelerating innovation, all while maintaining a focus on safety and efficiency for the future of transportation.
VicOneSecurity Takeaways From Autel MaxiCharger Vulnerabilities Discovered at Pwn2Own Automotive 2024
September 9, 2024VicOne researchers examine two Autel MaxiCharger vulnerabilities discovered at Pwn2Own Automotive 2024 and provide insights into their implications for automotive cybersecurity.
CyberThreat Research LabThe Ripple Effect of Ransomware Attacks on the Automotive Supply Chain
September 6, 2024Ransomware is disrupting the automotive industry, from IT and OT systems to emerging V2X technologies. We discuss the repercussions, key vulnerabilities, and strategies to safeguard against future attacks.
CyberThreat Research LabIs the Automotive Industry Prepared to Navigate API Security Risks in Software-Defined Vehicles?
August 20, 2024The proliferation of APIs in software-defined vehicles (SDVs) has significantly expanded the attack surface, posing serious security risks to the entire automotive ecosystem. In this article, we provide insights into the evolving threat landscape of automotive APIs, tackling vulnerabilities associated with SDVs and recommending a systematic approach for effectively mitigating the risks.
VicOneStrengthening Resilience in Today’s Interconnected Age: VicOne’s Approach
July 29, 2024A large-scale outage resulting from a single content update recently affected computers across multiple industries, including financial institutions, hospitals, and airlines. This incident highlights the challenges faced by organizations and the crucial need for enhanced system resilience in our increasingly interconnected world.
VicOne