GenAI Takes the Wheel: Can Automotive Cybersecurity Keep Up?
November 25, 2024Qualcomm has taken a significant step toward bringing GenAI to vehicles by integrating its next-generation Oryon processor into in-car systems. We explore the technology powering GenAI, highlighting what makes it so transformative — and the security challenges it introduces.
CyberThreat Research LabSecurity Mitigations for the Multiple Zero-Day Vulnerabilities Discovered in an IVI System
November 18, 2024The ZDI has identified six zero-day vulnerabilities in an in-vehicle infotainment (IVI) system. As these vulnerabilities remain unpatched, we recommend security best practices to minimize their potential risks and fortify connected vehicles’ IVI systems.
CyberThreat Research LabExploiting the Emporia EV Charger: A Hacker’s Point of View
November 13, 2024Exposed serial interfaces in electric vehicle (EV) chargers present a significant vulnerability, enabling attackers to tamper with hardware and firmware. This creates opportunities for malicious activities, highlighting the need for strong security measures to prevent such exploits.
CyberThreat Research LabBreaking Into Tesla’s IVI System: Synacktiv’s Two-Bug Exploit Chain at Pwn2Own Automotive 2024
November 4, 2024We take a look at Synacktiv’s two-bug chain that successfully exploited Tesla’s in-vehicle infotainment (IVI) system at Pwn2Own Automotive 2024, highlighting security takeaways for enhancing automotive cybersecurity.
CyberThreat Research LabFrom Pwn2Own Automotive: More Stack-Based Buffer Overflow Vulnerabilities in Autel MaxiCharger
October 14, 2024We examine two more Autel MaxiCharger vulnerabilities discovered at Pwn2Own Automotive 2024: CVE-2024-23967 and CVE-2024-23957. Both are classified as a stack-based buffer overflow, a classic yet avoidable programming error that could lead to remote code execution.
CyberThreat Research LabHow Authentication and API Vulnerabilities Undermine Fleet Management Systems
October 10, 2024Weak authentication and API vulnerabilities expose sensitive fleet data to risks. We explore key security measures, including encryption and API protection, to safeguard fleet management and EV systems.
CyberThreat Research LabNow-Patched Kia Vulnerabilities Could Have Allowed Remote Control Using Only a License Plate Number
September 30, 2024A set of vulnerabilities in Kia vehicles could have allowed remote access to critical functions and personal information using only a license plate number, potentially exposing owners to unauthorized control and data theft. Although these vulnerabilities have been fixed, they underscore the need for stronger cybersecurity measures among OEMs.
CyberThreat Research LabFrom Pwn2Own Automotive: A Stack-Based Buffer Overflow Vulnerability in JuiceBox 40 Smart EV Charging Station
September 18, 2024We examine CVE-2024-23938, a JuiceBox 40 smart EV charging station vulnerability discovered at Pwn2Own Automotive, and discuss its broader implications for the automotive industry.
CyberThreat Research LabSecurity Takeaways From Autel MaxiCharger Vulnerabilities Discovered at Pwn2Own Automotive 2024
September 9, 2024VicOne researchers examine two Autel MaxiCharger vulnerabilities discovered at Pwn2Own Automotive 2024 and provide insights into their implications for automotive cybersecurity.
CyberThreat Research LabThe Ripple Effect of Ransomware Attacks on the Automotive Supply Chain
September 6, 2024Ransomware is disrupting the automotive industry, from IT and OT systems to emerging V2X technologies. We discuss the repercussions, key vulnerabilities, and strategies to safeguard against future attacks.
CyberThreat Research LabSecuring the Automotive Supply Chain: Lessons From the Ransomware Attack on a Car Dealership Software Provider
July 4, 2024A software provider for automotive dealerships recently fell victim to a ransomware attack, causing widespread outages and crippling operations for thousands of car dealers. We examine the far-reaching implications of this incident on the automotive supply chain, outline critical lessons learned, and provide strategic security recommendations for automotive stakeholders.
CyberThreat Research LabFrom Key Fob to UWB: Explaining and Securing Ultra-Wideband in Vehicles
June 19, 2024In this second part of our series on vehicle entry system technology, we focus on its most recent iteration, the ultra-wideband (UWB) protocol. We cover its advantages, the potential vulnerabilities it carries, and the measures that will help secure its integration into vehicles.
CyberThreat Research Lab