New Report Finds Auto Cyber Is A Dumpster Fire

New lines of smart, Internet-connected vehicles were the rage at the annual Consumer Electronics Show (CES), which has been taking place in Las Vegas in recent days. But a new report from a group of cybersecurity researchers should give consumers pause before hopping into a late model, connected car: exposing vehicle management systems rife with security vulnerabilities that could give even low-skill hackers access to driver data and critical vehicle systems.

Sam Curry is the Staff Security Engineer at Yuga Labs.

The report “Web hackers versus the Auto Industry,” was published by a group of seven researchers led by Sam Curry (@samwcyo). It found wide ranging security failings in systems relied on by 16 separate car makers and powering millions of vehicles. The faults include vulnerable single sign on systems and web application flaws that allowed the researchers to control remote vehicle locking and unlocking, start and stop engines and locate vehicles using GPS. Other flaws gave researchers full administrator access to a company wide administration panel that could send commands to more than 15 million deployed vehicles.

Encore Podcast: Is Autonomous Driving Heading for a Crash?

Millions of vehicles remotely hackable

Cars from model years 2014 and later are affected, and attacks could be carried out remotely, via the Internet with little more information than the Vehicle Identification Number (VIN) or the customer’s e-mail address, according to Sam Curry, the lead researcher on the project.

The report follows months of research on the security of

Read more

Explore the site

More from the blog

Latest News