Harnessing Python and ChatGPT for Automotive Security Research
May 6, 2024A VicOne researcher demonstrates how automotive security researchers can take advantage of Python and ChatGPT, especially in scripting proofs of concept of known attacks and exploring novel vulnerabilities in automotive systems.
CyberThreat Research LabOpen RAN: A Gateway to Improved V2X Communications and to New Security Risks
April 12, 2024Open RAN is said to usher advances in V2X communications for connected vehicles. Researchers have taken a closer look at this technology to see where vulnerabilities might slip through amid its anticipated advantages.
CyberThreat Research LabEmerging Threats to the Automotive Supply Chain From Ransomware Groups
February 22, 2024More automotive manufacturers and suppliers have fallen prey to ransomware groups in January 2024, further highlighting the need for more robust automotive cybersecurity amid a rapidly evolving threat landscape.
CyberThreat Research LabExtending the Lessons From Pwn2Own Automotive
February 15, 2024With the close of the first-ever Pwn2Own Automotive, the challenge now is to make the most out of the discoveries and insights from the event. We summarize here our own impressions of the event, homing in on emergent security gaps and industry trends.
CyberThreat Research LabHow to Avoid Source Code Breaches: Lessons From the Mercedes-Benz GitHub Token Leak
February 7, 2024Researchers discovered a GitHub token leaked by a Mercedes-Benz employee, potentially exposing the automaker’s internal coding infrastructure, intellectual property, and other sensitive data. This breach stemmed from a sequence of avoidable errors, highlighting the importance of robust security measures in safeguarding digital assets.
CyberThreat Research LabAdvancing Vulnerability Discovery Amid Automotive Innovation: An API Attack From Halfway Across the World
January 22, 2024We examine the impact of vulnerabilities and the security implications of advancing technologies on vehicles in VicOne’s walkthrough of an API attack scenario.
CyberThreat Research LabFrom Information Leakage to Command Injection: Common Vulnerabilities in the Automotive Industry
December 22, 2023We highlight common vulnerabilities affecting modern connected vehicles, including those involving denial of service, hard-coded credentials, and stack overflow.
CyberThreat Research LabDriving Into the Future: VicOne Automotive Cybersecurity Predictions and Recommendations for 2024
December 15, 2023We recently explored the current state of automotive cybersecurity in the VicOne Automotive Cyberthreat Landscape Report 2023. In this blog entry, we present the automotive cybersecurity predictions and recommendations that decisions-makers in the automotive industry should be cognizant of in 2024.
CyberThreat Research LabSafeguarding Tomorrow’s Mobility: The Imperative of Cybersecurity in the Automotive Industry
December 7, 2023In the fast-paced evolution of the automotive industry, technological innovation has become synonymous with progress. However, this era of transformation also demands an unwavering commitment to robust cybersecurity measures.
CyberThreat Research LabBeating Zero-Day Vulnerabilities at a Game: Pwn2Own Automotive
December 6, 2023Pwn2Own Automotive specifically focuses on the increasing cyberthreats to connected cars worldwide, addressing a critical area of modern automotive security. It is the first global competition dedicated to discovering and solving connected car technology vulnerabilities.
CyberThreat Research LabTesla Jailbreak Unlocks Features via Firmware Patching and Voltage Glitching
September 12, 2023Researchers from the Technical University of Berlin recently unveiled a hardware-based attack designed to jailbreak Tesla’s AMD-based in-vehicle infotainment (IVI) system. In this blog entry, we delve into the methodology of the attack and explore its implications for automotive cybersecurity.
CyberThreat Research LabDissecting the Zenbleed AMD Vulnerability and Its Potential Impact on the Automotive Industry
August 14, 2023A critical vulnerability affecting AMD Zen 2 CPUs, Zenbleed could allow a register to not be written to zero correctly, potentially leading to the leakage of data, passwords, and other sensitive information. Its successful exploitation could have repercussions for the automotive industry.
CyberThreat Research Lab