PT-2025-29082

Name of the Vulnerable Software and Affected Versions: OpenSynergy BlueSDK versions through 6.x Description: The OpenSynergy BlueSDK Bluetooth stack contains a flaw due to incorrect handling of a network packet header and an incorrect variable used as a function argument. This can allow a remote...

Security vulnerabilities in major car brands revealed

Your car potentially hasnt "just" been a car for a long time. With multiple digital systems, vehicles are increasingly plugged into web applications and digital processes. These systems tie into everything from passwords and web chat systems for car company employees, to file repositories and oth...

Millions of Vehicles at Risk: API Vulnerabilities Uncovered in 16 Major Car Brands

Multiple bugs affecting millions of vehicles from 16 different manufacturers could be abused to unlock, start, and track cars, plus impact the privacy of car owners. The security vulnerabilities were found in the automotive APIs powering Acura, BMW, Ferrari, Ford, Genesis, Honda, Hyundai, Infinit...

Sirius XM Software Vulnerability

This is new: Newly revealed research shows that a number of major car brands, including Honda, Nissan, Infiniti, and Acura, were affected by a previously undisclosed security bug that would have allowed a savvy hacker to hijack vehicles and steal user data. According to researchers, the bug was i...

CarPunk - The Car Hacking Toolkit

CARPUNK IS VERY SIMILAR TO CANghost, ONLY THE DEFFERENCE IS, IT COMES WITH OPTIONS TO ENABLE OR DISABLE INTERFACE AND BASIC SNIFFING AS EXTRA. IT WORKS ON BOTH SIMULATION & REAL CARS. HAS THE OPTIONS TO RECORD AND PLAY THE CAN PACKETS. NO ANY ARGUMENTS REQUIRED WHEN RUNNING BUT NEED...

A week in security (August 30 – September 5)

Last week on Malwarebytes Labs ProxyToken: another nail-biter from Microsoft Exchange Macs turn on apps signed by Symantec, treat them as malware Google Play sign-ins can be abused to track another person’s movements FTC bans SpyFone and its CEO from continuing to sell stalkerware BrakTooth...

PTP at DEF CON 27

Here's the lowdown on our 14 DEF CON 27 talks, workshops, and panel sessions: Main Stage Track 3 Paris: Saturday 13:00 Chris Wade presents Tag-side attacks against NFC Track 2 Paris: Saturday 15:00 G Richter presents Reverse-Engineering 4g Hotspots for Fun, Bugs and Net Financial Loss Villages...

Black Hat USA 2019 Preview

Las Vegas – Despite bizarre reports of a grasshopper infestation, Black Hat USA 2019 and DEF CON are set to kick off next week in Las Vegas, bringing on a wave of sessions, keynotes and security-themed villages. The Threatpost team, which will be on the frontlines of next week’s shows, discuss wh...

Toyota’s PASTA- A car hacking tool to enhance automobile cybersecurity

By Waqas A team of security researchers working for the renowned automobile maker Toyota have developed a new car hacking tool. Dubbed as PASTA Portable Automotive Security Testbed with Adaptability, it is an open source tool created to help researchers identify the prevailing vulnerabilities in...

Securing Our Connected Car Future with Panasonic

There are few more exciting frontiers of the Internet of Things IoT than connected cars. Gartner predicts that there will be 61 million vehicles with built-in connectivity on our roads by 2020. But as we drive ever closer to a future where autonomous vehicles are a commonplace sight, we must be...

Unfixable Automobile Computer Security Vulnerability

There is an unpatchable vulnerability that affects most modern cars. It's buried in the Controller Area Network CAN: Researchers say this flaw is not a vulnerability in the classic meaning of the word. This is because the flaw is more of a CAN standard design choice that makes it unpatchable...

Unpatchable Flaw in Modern Cars Allows Hackers to Disable Safety Features

Today, many automobiles companies are offering vehicles that run on the mostly drive-by-wire system, which means a majority of car's functions—from instrument cluster to steering, brakes, and accelerator—are electronically controlled. No doubt these auto-control systems make your driving experien...

Self-Driving Cars Can Be Hacked By Just Putting Stickers On Street Signs

Car Hacking is a hot topic, though it's not new for researchers to hack cars. Previously they had demonstrated how to hijack a car remotely, how to disable car's crucial functions like airbags, and even how to steal cars. But the latest car hacking trick doesn't require any extra ordinary skills ...

Building a Car Hacking Development Workbench: Part 3

Welcome back to the car hacking development workbench series. In part two we discussed how to read wiring diagrams. In part three, we are going to expand on the workbench by re-engineering circuits and replicate signals used in your vehicle. If this is your first time stumbling across this write...

Building a Car Hacking Development Workbench: Part 1

Introduction There is a vast body of knowledge hiding inside your car. Whether you are an auto enthusiast, developer, hobbyist, security researcher, or just curious about vehicles, building a development bench can be an exciting project to facilitate understanding and experimentation without...

Bosch automotive Drivelog Connector dongle remote vulnerability analysis-vulnerability warning-the black bar safety net

In this article, we will be on the Argus research team at Bosch Drivelog Connect BOD-II adapter in the discovery of the vulnerability is discussed in detail. Note that this vulnerability would allow an attacker to by Drivelog platform to stop a running car engine. According to the Argus of the...

Hackers take Remote Control of Tesla's Brakes and Door locks from 12 Miles Away

Next time when you find yourself hooked up behind the wheel, make sure your car is actually in your control. Hackers can remotely hijack your car and even control its brakes from 12 miles away. Car hacking is a hot topic. Today many automobiles companies have been offering vehicles with the...

What is Defcon

The first year I attended, I was lucky enough to identify interesting wireless signals with a distinct sound - that of the POCSAG and FLEX protocols. Decoding these signals revealed party invites to the Telephreak party where I listened to raw, uncensored lightning talks covering topics from car...

Miller, Valasek Deliver Final Car Hacking Talk

LAS VEGAS—Charlie Miller and Chris Valasek figuratively drove off into the sunset today at Black Hat, hanging up their car hacking exploits for good and leaving behind a pioneering legacy that elevated this type of research into the mainstream. “It’s time someone else pick it up,” Valasek said. “...

Fiat Chrysler Launches Bug Bounty with $1.5K Payout Cap

Hacking Jeeps is about to get a lot more competitive. That’s because Jeep maker Fiat Chrysler Automobiles has launched a bug bounty program in conjunction with Bugcrowd that will payout as much as $1,500 per bug. Fiat Chrysler, the world’s No. 7 automaker, claims it will be the first Detroit...