Blog

A recent breach of the LockBit ransomware group exposed chat logs, offering a rare inside look at how victims were targeted and extorted. Automotive companies featured prominently among those attacked. We unpack the key findings and outline practical steps that automotive companies can take to block LockBit attacks or similar incidents.

By decrypting an Android OTA update to their vehicle’s infotainment system, a researcher gained access to proprietary code. We examine the method that the researcher used and what it means for modern vehicle security.

As AI assistants become standard features in vehicles, new risks like prompt injection are emerging, quietly manipulating systems through seemingly harmless inputs. We explore how attackers could exploit invisible commands in everyday interactions and why securing AI at the input level is critical to automotive safety.

Hitag2, a legacy key fob system, has long been known to carry security flaws. A recent demonstration showed that it could be cracked in under a minute. We break down how the attack works and why outdated encryption poses serious risks to modern vehicles.

We analyze the three-bug exploit chain demonstrated by security researchers against the Pioneer DMH-WT7600NEX IVI system at Pwn2Own Automotive 2024. We map it to the Automotive Threat Matrix and highlight industry best practices for mitigating similar exploits.

As AI, EVs, and SDVs reshape the automotive industry, cyberthreats are evolving in tandem. Drawing from VicOne’s 2025 automotive cybersecurity report, this article offers key insights into the industry’s threat landscape and outlines the strategies automakers need to stay ahead.

Security researchers uncovered a vulnerability in Subaru’s in-vehicle infotainment (IVI) system admin panel, enabling unauthorized access to personal information, GPS records, and vehicle controls. We examine the findings and emphasize the need for automotive manufacturers to adopt a security-first approach throughout the vehicle lifecycle.

In the first several weeks of 2025 alone, a surge of ransomware attacks hit the automotive industry. We examine recent cases and their broader implications for automotive cybersecurity.

We discuss the two vulnerabilities discovered in the Phoenix Contact CHARX SEC-3100 EV charging controller at Pwn2Own Automotive 2024, highlighting their impact and possible mitigations.

We examine the NCC Group’s two-bug chain during Pwn2Own Automotive 2024, which enabled the team to play Doom on the Alpine Halo9 iLX-F509 IVI system. We underscore the more serious implications once attackers gain root access and recommend countermeasures to mitigate the risks.

We examine a zero-click remote code execution (RCE) vulnerability in Tesla’s tire pressure monitoring system (TPMS), uncovered by Synacktiv researchers at Pwn2Own Vancouver 2024, and highlight its implications for connected vehicle security.

The Pwn2Own Automotive 2024 competition uncovered a high-severity zero-click RCE Bluetooth vulnerability in the Alpine Halo9 IVI system, highlighting the risks of proprietary implementations in connected vehicles. We explore the discovery, exploitation techniques, and key takeaways for securing automotive technologies against emerging threats.