Hitag2 Key Fob Vulnerability: How Attackers Can Clone Keys in Under a Minute
April 15, 2025Hitag2, a legacy key fob system, has long been known to carry security flaws. A recent demonstration showed that it could be cracked in under a minute. We break down how the attack works and why outdated encryption poses serious risks to modern vehicles.
CyberThreat Research LabBreaking Down the Pioneer IVI System 3-Bug Exploit Chain From Pwn2Own Automotive 2024
March 31, 2025We analyze the three-bug exploit chain demonstrated by security researchers against the Pioneer DMH-WT7600NEX IVI system at Pwn2Own Automotive 2024. We map it to the Automotive Threat Matrix and highlight industry best practices for mitigating similar exploits.
CyberThreat Research LabShifting Gears for 2025: The Next Generation of Automotive Cybersecurity Challenges
March 19, 2025As AI, EVs, and SDVs reshape the automotive industry, cyberthreats are evolving in tandem. Drawing from VicOne’s 2025 automotive cybersecurity report, this article offers key insights into the industry’s threat landscape and outlines the strategies automakers need to stay ahead.
CyberThreat Research LabHow Subaru’s IVI System Admin Panel Vulnerability Could Have Enabled Vehicle Tracking and Control
March 13, 2025Security researchers uncovered a vulnerability in Subaru’s in-vehicle infotainment (IVI) system admin panel, enabling unauthorized access to personal information, GPS records, and vehicle controls. We examine the findings and emphasize the need for automotive manufacturers to adopt a security-first approach throughout the vehicle lifecycle.
CyberThreat Research LabSpate of Ransomware Attacks Targets Automotive Industry in Early 2025
February 26, 2025In the first several weeks of 2025 alone, a surge of ransomware attacks hit the automotive industry. We examine recent cases and their broader implications for automotive cybersecurity.
CyberThreat Research LabFrom Pwn2Own Automotive: 2 RCE Vulnerabilities in the Phoenix Contact CHARX SEC-3100 EV Charging Controller
February 7, 2025We discuss the two vulnerabilities discovered in the Phoenix Contact CHARX SEC-3100 EV charging controller at Pwn2Own Automotive 2024, highlighting their impact and possible mitigations.
CyberThreat Research LabPlaying Doom on an IVI System: More Alpine Halo9 Vulnerabilities From Pwn2Own Automotive 2024
January 14, 2025We examine the NCC Group’s two-bug chain during Pwn2Own Automotive 2024, which enabled the team to play Doom on the Alpine Halo9 iLX-F509 IVI system. We underscore the more serious implications once attackers gain root access and recommend countermeasures to mitigate the risks.
CyberThreat Research LabUnder Pressure: Exploring a Zero-Click RCE Vulnerability in Tesla’s TPMS
December 18, 2024We examine a zero-click remote code execution (RCE) vulnerability in Tesla’s tire pressure monitoring system (TPMS), uncovered by Synacktiv researchers at Pwn2Own Vancouver 2024, and highlight its implications for connected vehicle security.
CyberThreat Research LabFrom Pwn2Own Automotive: A High-Severity Zero-Click RCE Bluetooth Vulnerability in the Alpine Halo9 IVI System
December 12, 2024The Pwn2Own Automotive 2024 competition uncovered a high-severity zero-click RCE Bluetooth vulnerability in the Alpine Halo9 IVI system, highlighting the risks of proprietary implementations in connected vehicles. We explore the discovery, exploitation techniques, and key takeaways for securing automotive technologies against emerging threats.
CyberThreat Research LabGenAI Takes the Wheel: Can Automotive Cybersecurity Keep Up?
November 25, 2024Qualcomm has taken a significant step toward bringing GenAI to vehicles by integrating its next-generation Oryon processor into in-car systems. We explore the technology powering GenAI, highlighting what makes it so transformative — and the security challenges it introduces.
CyberThreat Research LabSecurity Mitigations for the Multiple Zero-Day Vulnerabilities Discovered in an IVI System
November 18, 2024The ZDI has identified six zero-day vulnerabilities in an in-vehicle infotainment (IVI) system. As these vulnerabilities remain unpatched, we recommend security best practices to minimize their potential risks and fortify connected vehicles’ IVI systems.
CyberThreat Research LabExploiting the Emporia EV Charger: A Hacker’s Point of View
November 13, 2024Exposed serial interfaces in electric vehicle (EV) chargers present a significant vulnerability, enabling attackers to tamper with hardware and firmware. This creates opportunities for malicious activities, highlighting the need for strong security measures to prevent such exploits.
CyberThreat Research Lab