Blog

Pwn2Own Automotive specifically focuses on the increasing cyberthreats to connected cars worldwide, addressing a critical area of modern automotive security. It is the first global competition dedicated to discovering and solving connected car technology vulnerabilities.

Researchers from the Technical University of Berlin recently unveiled a hardware-based attack designed to jailbreak Tesla’s AMD-based in-vehicle infotainment (IVI) system. In this blog entry, we delve into the methodology of the attack and explore its implications for automotive cybersecurity.

A critical vulnerability affecting AMD Zen 2 CPUs, Zenbleed could allow a register to not be written to zero correctly, potentially leading to the leakage of data, passwords, and other sensitive information. Its successful exploitation could have repercussions for the automotive industry.

We discuss our research findings from the laboratory we set up to learn more about automotive Ethernet Time-Sensitive Networking (TSN) standards, focused on 802.1AS and 802.1Qbv, two IEEE standards found in practical applications.

At the recently concluded WCX 2023 conference, technological developments involving software-defined, autonomous, and electric vehicles were among the topics of discussion. In this blog entry, we examine the risks associated with these developments and what the automotive industry can learn from the IT industry in dealing with potential security issues.

We discuss how thieves staged a car heist via “CAN injection” and recommend how car OEMs can secure their vehicles from similar incidents.

Researchers have described attack scenarios using an extensive attack platform called V2X Application Spoofing Platform (VASP). We discuss how effective these scenarios are on different V2X generations.

Research has shown that advanced driver assistance systems (ADASs) are vulnerable to attacks using infrared laser technology that could compromise the safety and reliability of autonomous vehicles.

We revisit the Brokenwire attack, which exploits vulnerabilities in the Combined Charging System (CCS), the most widely used DC rapid charging technology for electric vehicles.

Researchers discovered a flaw that could enable an attack scenario they named Charging Pile Ransom Attack, in which potential attackers hold vehicles for ransom by locking them to vulnerable charging stations.

Research conducted on digital license plates revealed a vulnerability that can allow malicious tracking and customization of license plates.

How can automotive security prevent and mitigate the effects of data breaches? We revisit data breach cases in the automotive industry to gather insights.