41 matches found
CVE-2019-12797
A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN, leading to arbitrary commands to an OBD-II bus of a vehicle...
EUVD-2018-20916
Malware in sbrugna...
EUVD-2017-12338
Malware in sbrugna...
OBDeleven vulnerability
OBDeleven's OBD-II dongle is an onboard diagnostics port module that connects to a mobile app over Bluetooth. It takes advantage of weaknesses in UDS secure access to unlock the vehicle ECU and enable enhanced diagnostics and some additional functionality. Some of these functions are only availabl...
Turning an OBD-II reader into a USB / NFC attack tool
One of my favourite sorts of hardware hacking is making a device do something it was never intended for. It's creative, disruptive, and fun. Everyone has their own way of going about things. Different methodologies, habits, and skill sets mean that approaches will be diverse. This is how I work...
CVE-2019-12797
A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN, leading to arbitrary commands to an OBD-II bus of a vehicle...
Hardcoded credentials
A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN, leading to arbitrary commands to an OBD-II bus of a vehicle...
CVE-2019-12797
A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN, leading to arbitrary commands to an OBD-II bus of a vehicle...
Design/Logic Flaw
CalAmp LMU 3030 series OBD-II CDMA and GSM devices have an SMS text message interface that can be deployed where no password is configured for this interface by the integrator / reseller. This interface must be password protected, otherwise, the attacker only needs to know the phone number of the...
CVE-2017-3217
CalAmp LMU 3030 series OBD-II CDMA and GSM devices have an SMS text message interface that can be deployed where no password is configured for this interface by the integrator / reseller. This interface must be password protected, otherwise, the attacker only needs to know the phone number of the...
CVE-2017-3217
CalAmp LMU-3030 series (OBD-II CDMA/GSM devices) expose an SMS interface that, in affected deployments, can be used without a password. The SMS channel lets an attacker send administrative commands (including IP, firewall rules, and passwords) by simply knowing the device’s phone number, enabling...
CVE-2017-3217 CalAmp LMU 3030 series OBD-II CDMA and GSM devices has an SMS (text message) interface that can be deployed where no password is configured for this interface by the integrator / reseller
CalAmp LMU 3030 series OBD-II CDMA and GSM devices have an SMS text message interface that can be deployed where no password is configured for this interface by the integrator / reseller. This interface must be password protected, otherwise, the attacker only needs to know the phone number of the...
CVE-2018-9322
The Head Unit HUNBT aka Infotainment component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware...
Design/Logic Flaw
The Head Unit HUNBT aka Infotainment component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware...
CVE-2018-9322
The Head Unit HUNBT aka Infotainment component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware...
CVE-2018-9322
The CVE-2018-9322 entry describes a vulnerability in the Head Unit HU_NBT (Infotainment) used in BMW i/X/3/5/7 Series vehicles from 2012–2018. A local attacker with access to USB or OBD-II interfaces can bypass the firmware update code-signing protection, enabling execution of unsigned firmware a...
Common security vulnerabilities exposed in multiple BMW models, hackers can attack remotely - vulnerability warning - the black bar safety net
On 22 May, Tencent Keen Lab disclosed 14 common security vulnerabilities affecting many different BMW models. These vulnerabilities can be triggered through physical contact, remote non-contact access and other means. According to its official blog, at present all the vulnerability...
CBM - Car Backdoor Maker
A hardware-backdoor for CAN bus - by @UnaPibaGeek & @holesec For the first time, a hardware backdoor tool is presented having several advanced features, such as: remote control via SMS commands, automated launch of attack payloads at a GPS location or when a specific car status is reached; and a...
Building a Car Hacking Development Workbench: Part 1
Introduction There is a vast body of knowledge hiding inside your car. Whether you are an auto enthusiast, developer, hobbyist, security researcher, or just curious about vehicles, building a development bench can be an exciting project to facilitate understanding and experimentation without...
Building a Car Hacking Development Workbench: Part 2
This is part two of a three-part series. Part one covered how to build a development workbench. Part two of this series will cover reading electrical diagrams and serve as a primer for part three, where we will re-engineer common circuit types found in vehicles. Electrical Diagrams &...