Blog

We take a look at Synacktiv’s two-bug chain that successfully exploited Tesla’s in-vehicle infotainment (IVI) system at Pwn2Own Automotive 2024, highlighting security takeaways for enhancing automotive cybersecurity.

We examine two more Autel MaxiCharger vulnerabilities discovered at Pwn2Own Automotive 2024: CVE-2024-23967 and CVE-2024-23957. Both are classified as a stack-based buffer overflow, a classic yet avoidable programming error that could lead to remote code execution.

Weak authentication and API vulnerabilities expose sensitive fleet data to risks. We explore key security measures, including encryption and API protection, to safeguard fleet management and EV systems.

A set of vulnerabilities in Kia vehicles could have allowed remote access to critical functions and personal information using only a license plate number, potentially exposing owners to unauthorized control and data theft. Although these vulnerabilities have been fixed, they underscore the need for stronger cybersecurity measures among OEMs.

We examine CVE-2024-23938, a JuiceBox 40 smart EV charging station vulnerability discovered at Pwn2Own Automotive, and discuss its broader implications for the automotive industry.

VicOne researchers examine two Autel MaxiCharger vulnerabilities discovered at Pwn2Own Automotive 2024 and provide insights into their implications for automotive cybersecurity.

Ransomware is disrupting the automotive industry, from IT and OT systems to emerging V2X technologies. We discuss the repercussions, key vulnerabilities, and strategies to safeguard against future attacks.

A software provider for automotive dealerships recently fell victim to a ransomware attack, causing widespread outages and crippling operations for thousands of car dealers. We examine the far-reaching implications of this incident on the automotive supply chain, outline critical lessons learned, and provide strategic security recommendations for automotive stakeholders.

In this second part of our series on vehicle entry system technology, we focus on its most recent iteration, the ultra-wideband (UWB) protocol. We cover its advantages, the potential vulnerabilities it carries, and the measures that will help secure its integration into vehicles.

In this first installment, we examine the history of automotive entry technology and explore notable types of security breaches such as replay attacks, rolling attacks, and relay attacks.

Apps play a significant role in enhancing the functionality and driving the evolution of software-defined vehicles (SDVs). However, their integration also introduces new risks, as we explore in this blog entry.

Rust, a memory-safe programming language, is gaining traction as it is designed to address memory-related vulnerabilities. We discuss its potential impact on automotive cybersecurity.