We examine the NCC Group’s two-bug chain during Pwn2Own Automotive 2024, which enabled the team to play Doom on the Alpine Halo9 iLX-F509 IVI system. We underscore the more serious implications once attackers gain root access and recommend countermeasures to mitigate the risks.
SDVs are reshaping mobility, but innovation brings risks. Our 2024 cybersecurity analysis and review of the past decade reveal key challenges and industry responses to safeguard safety and trust.
We examine a zero-click remote code execution (RCE) vulnerability in Tesla’s tire pressure monitoring system (TPMS), uncovered by Synacktiv researchers at Pwn2Own Vancouver 2024, and highlight its implications for connected vehicle security.
VicOne and our partners will showcase how we secure the evolving automotive ecosystem at CES 2025, the global stage for breakthrough technologies and innovations.
The Pwn2Own Automotive 2024 competition uncovered a high-severity zero-click RCE Bluetooth vulnerability in the Alpine Halo9 IVI system, highlighting the risks of proprietary implementations in connected vehicles. We explore the discovery, exploitation techniques, and key takeaways for securing automotive technologies against emerging threats.
Qualcomm has taken a significant step toward bringing GenAI to vehicles by integrating its next-generation Oryon processor into in-car systems. We explore the technology powering GenAI, highlighting what makes it so transformative — and the security challenges it introduces.
The ZDI has identified six zero-day vulnerabilities in an in-vehicle infotainment (IVI) system. As these vulnerabilities remain unpatched, we recommend security best practices to minimize their potential risks and fortify connected vehicles’ IVI systems.
Exposed serial interfaces in electric vehicle (EV) chargers present a significant vulnerability, enabling attackers to tamper with hardware and firmware. This creates opportunities for malicious activities, highlighting the need for strong security measures to prevent such exploits.
Google’s Project Zero recently identified a zero-day vulnerability using an AI-assisted framework, marking a promising breakthrough in vulnerability detection. We examine the importance of AI technologies and other strategies in ensuring a more comprehensive approach to automotive cybersecurity.
Software containers streamline the development of software-defined vehicles (SDVs), but they also bring new security risks. Addressing these risks is essential to ensure the integrity of SDV systems.
We take a look at Synacktiv’s two-bug chain that successfully exploited Tesla’s in-vehicle infotainment (IVI) system at Pwn2Own Automotive 2024, highlighting security takeaways for enhancing automotive cybersecurity.
VicOne and Block Harbor’s Automotive CTF 2024 wrapped up at the 8th Annual Auto-ISAC Cybersecurity Summit in Detroit, Michigan.
We examine two more Autel MaxiCharger vulnerabilities discovered at Pwn2Own Automotive 2024: CVE-2024-23967 and CVE-2024-23957. Both are classified as a stack-based buffer overflow, a classic yet avoidable programming error that could lead to remote code execution.