Blog

VicOne and our partners will showcase how we secure the evolving automotive ecosystem at CES 2025, the global stage for breakthrough technologies and innovations.

The Pwn2Own Automotive 2024 competition uncovered a critical zero-click RCE Bluetooth vulnerability in the Alpine Halo9 IVI system, highlighting the risks of proprietary implementations in connected vehicles. We explore the discovery, exploitation techniques, and key takeaways for securing automotive technologies against emerging threats.

Qualcomm has taken a significant step toward bringing GenAI to vehicles by integrating its next-generation Oryon processor into in-car systems. We explore the technology powering GenAI, highlighting what makes it so transformative — and the security challenges it introduces.

The ZDI has identified six zero-day vulnerabilities in an in-vehicle infotainment (IVI) system. As these vulnerabilities remain unpatched, we recommend security best practices to minimize their potential risks and fortify connected vehicles’ IVI systems.

Exposed serial interfaces in electric vehicle (EV) chargers present a significant vulnerability, enabling attackers to tamper with hardware and firmware. This creates opportunities for malicious activities, highlighting the need for strong security measures to prevent such exploits.

Google’s Project Zero recently identified a zero-day vulnerability using an AI-assisted framework, marking a promising breakthrough in vulnerability detection. We examine the importance of AI technologies and other strategies in ensuring a more comprehensive approach to automotive cybersecurity.

Software containers streamline the development of software-defined vehicles (SDVs), but they also bring new security risks. Addressing these risks is essential to ensure the integrity of SDV systems.

We take a look at Synacktiv’s two-bug chain that successfully exploited Tesla’s in-vehicle infotainment (IVI) system at Pwn2Own Automotive 2024, highlighting security takeaways for enhancing automotive cybersecurity.

VicOne and Block Harbor’s Automotive CTF 2024 wrapped up at the 8th Annual Auto-ISAC Cybersecurity Summit in Detroit, Michigan.

We examine two more Autel MaxiCharger vulnerabilities discovered at Pwn2Own Automotive 2024: CVE-2024-23967 and CVE-2024-23957. Both are classified as a stack-based buffer overflow, a classic yet avoidable programming error that could lead to remote code execution.

Weak authentication and API vulnerabilities expose sensitive fleet data to risks. We explore key security measures, including encryption and API protection, to safeguard fleet management and EV systems.

A set of vulnerabilities in Kia vehicles could have allowed remote access to critical functions and personal information using only a license plate number, potentially exposing owners to unauthorized control and data theft. Although these vulnerabilities have been fixed, they underscore the need for stronger cybersecurity measures among OEMs.