Blog

Exposed serial interfaces in electric vehicle (EV) chargers present a significant vulnerability, enabling attackers to tamper with hardware and firmware. This creates opportunities for malicious activities, highlighting the need for strong security measures to prevent such exploits.

Google’s Project Zero recently identified a zero-day vulnerability using an AI-assisted framework, marking a promising breakthrough in vulnerability detection. We examine the importance of AI technologies and other strategies in ensuring a more comprehensive approach to automotive cybersecurity.

Software containers streamline the development of software-defined vehicles (SDVs), but they also bring new security risks. Addressing these risks is essential to ensure the integrity of SDV systems.

We take a look at Synacktiv’s two-bug chain that successfully exploited Tesla’s in-vehicle infotainment (IVI) system at Pwn2Own Automotive 2024, highlighting security takeaways for enhancing automotive cybersecurity.

VicOne and Block Harbor’s Automotive CTF 2024 wrapped up at the 8th Annual Auto-ISAC Cybersecurity Summit in Detroit, Michigan.

We examine two more Autel MaxiCharger vulnerabilities discovered at Pwn2Own Automotive 2024: CVE-2024-23967 and CVE-2024-23957. Both are classified as a stack-based buffer overflow, a classic yet avoidable programming error that could lead to remote code execution.

Weak authentication and API vulnerabilities expose sensitive fleet data to risks. We explore key security measures, including encryption and API protection, to safeguard fleet management and EV systems.

A set of vulnerabilities in Kia vehicles could have allowed remote access to critical functions and personal information using only a license plate number, potentially exposing owners to unauthorized control and data theft. Although these vulnerabilities have been fixed, they underscore the need for stronger cybersecurity measures among OEMs.

Pwn2Own Automotive is set to make a triumphant return at the Automotive World conference in Tokyo, Japan, in January 2025. We outline the rules and targets for the second edition of this hugely successful automotive-focused ethical hacking competition.

The US government is proposing a new rule to ban automotive technologies from countries like China and Russia. We explore how this rule could impact manufacturers and suppliers, and what’s at stake for the future of connected vehicles.

The inaugural Automotive CTF Japan raced to a thrilling finish, with the top two teams headed to the global finals in Detroit in October.

We examine CVE-2024-23938, a JuiceBox 40 smart EV charging station vulnerability discovered at Pwn2Own Automotive, and discuss its broader implications for the automotive industry.