Weak authentication and API vulnerabilities expose sensitive fleet data to risks. We explore key security measures, including encryption and API protection, to safeguard fleet management and EV systems.
A set of vulnerabilities in Kia vehicles could have allowed remote access to critical functions and personal information using only a license plate number, potentially exposing owners to unauthorized control and data theft. Although these vulnerabilities have been fixed, they underscore the need for stronger cybersecurity measures among OEMs.
Pwn2Own Automotive is set to make a triumphant return at the Automotive World conference in Tokyo, Japan, in January 2025. We outline the rules and targets for the second edition of this hugely successful automotive-focused ethical hacking competition.
The US government is proposing a new rule to ban automotive technologies from countries like China and Russia. We explore how this rule could impact manufacturers and suppliers, and what’s at stake for the future of connected vehicles.
The inaugural Automotive CTF Japan raced to a thrilling finish, with the top two teams headed to the global finals in Detroit in October.
We examine CVE-2024-23938, a JuiceBox 40 smart EV charging station vulnerability discovered at Pwn2Own Automotive, and discuss its broader implications for the automotive industry.
UD Trucks has partnered with VicOne to enhance cybersecurity in its software-defined vehicles (SDVs) and ensure compliance with UN Regulation No. 155 (UN R155), addressing the growing risks in smart logistics. UD Trucks is strengthening its security operations and accelerating innovation, all while maintaining a focus on safety and efficiency for the future of transportation.
VicOne researchers examine two Autel MaxiCharger vulnerabilities discovered at Pwn2Own Automotive 2024 and provide insights into their implications for automotive cybersecurity.
Ransomware is disrupting the automotive industry, from IT and OT systems to emerging V2X technologies. We discuss the repercussions, key vulnerabilities, and strategies to safeguard against future attacks.
The proliferation of APIs in software-defined vehicles (SDVs) has significantly expanded the attack surface, posing serious security risks to the entire automotive ecosystem. In this article, we provide insights into the evolving threat landscape of automotive APIs, tackling vulnerabilities associated with SDVs and recommending a systematic approach for effectively mitigating the risks.
A large-scale outage resulting from a single content update recently affected computers across multiple industries, including financial institutions, hospitals, and airlines. This incident highlights the challenges faced by organizations and the crucial need for enhanced system resilience in our increasingly interconnected world.
A software provider for automotive dealerships recently fell victim to a ransomware attack, causing widespread outages and crippling operations for thousands of car dealers. We examine the far-reaching implications of this incident on the automotive supply chain, outline critical lessons learned, and provide strategic security recommendations for automotive stakeholders.
In this second part of our series on vehicle entry system technology, we focus on its most recent iteration, the ultra-wideband (UWB) protocol. We cover its advantages, the potential vulnerabilities it carries, and the measures that will help secure its integration into vehicles.