EUVD-2015-5564

Malware in sbrugna...

Panda Uconnect - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that application Panda Uconnect published at the 'play' market has multiple vulnerabilities...

Fiat Chrysler Launches Bug Bounty with $1.5K Payout Cap

Hacking Jeeps is about to get a lot more competitive. That’s because Jeep maker Fiat Chrysler Automobiles has launched a bug bounty program in conjunction with Bugcrowd that will payout as much as $1,500 per bug. Fiat Chrysler, the world’s No. 7 automaker, claims it will be the first Detroit...

Car Hacking, Mobile Jailbreaking Among DCMA Exemptions Granted

Car hackers and jailbreakers today apparently got a green light from the Librarian of Congress David Mao to tinker away. The Library of Congress’ triennial exemptions to the anti-circumvention rules within the Digital Copyright Millennium Act DCMA were released today, and among the exemptions to...

Chris Valasek Security of Things Forum Keynote

CAMBRIDGE, Mass. – Chris Valasek and Charlie Miller’s car hacking research put a crunching reality on Internet of Things security, moving it beyond almost clichéd discussions of smart refrigerators leaking inconsequential data, to hackers remotely manipulating car brakes. But Furby hacking matter...

OwnStar Attack Now Aimed at BMW, Chrysler, Mercedes Cars

The OwnStar attack that hacker Samy Kamkar revealed late last month can be used against not only GM vehicles, but cars manufactured by Mercedes-Benz, BMW, and Chrysler, as well. The attack allows Kamkar to intercept the traffic from nearby mobile phones that have specific apps open that control...

Fiat Chrysler Automobiles (FCA) Uconnect Vulnerability

A vulnerability affecting the Uconnect software from FCA has been reported. Exploitation of this vulnerability may allow an unauthorized user to take remote control of an affected vehicle, but the attack requires access to Sprint's cellular network, which connects FCA vehicles to the Internet...

Fiat Chrysler Recalls 1.4 million Cars After Software Bug is Revealed

A few days after issuing a patch and reassuring owners that the attack that shut down the transmission and other systems remotely on a Jeep was not a huge risk, Fiat Chrysler has decided to recall nearly 1.5 million vehicles as a result of the bug exposed in the research. The recall is the result...

Fiat Chrysler Automobiles UConnect allows a vehicle to be remotely controlled

Overview Fiat Chrysler Automobiles FCA UConnect may allow a remote attacker to control physical vehicle functions. Description According to a WIRED news article, an unknown vulnerability in FCA UConnect software allows some functions of recent models of Jeep Cherokee to be controlled by a remote...

Fiat Chrysler Automobiles Uconnect Remote Elevation of Privilege Vulnerability

Fiat Chrysler Automobiles Uconnect is a suite of in-car information systems from Fiat Chrysler Automobiles FCA in the United States. An unspecified vulnerability exists in Fiat Chrysler Automobiles Uconnect 15.26.1. A remote attacker on the same mobile network could exploit this vulnerability by...

Authorization

Unspecified vulnerability in Uconnect before 15.26.1, as used in certain Fiat Chrysler Automobiles FCA from 2013 to 2015 models, allows remote attackers in the same cellular network to control vehicle movement, cause human harm or physical damage, or modify dashboard settings via vectors related ...

CVE-2015-5611

Unspecified vulnerability in Uconnect before 15.26.1, as used in certain Fiat Chrysler Automobiles FCA from 2013 to 2015 models, allows remote attackers in the same cellular network to control vehicle movement, cause human harm or physical damage, or modify dashboard settings via vectors related ...

CVE-2015-5611

Unspecified vulnerability in Uconnect before 15.26.1, as used in certain Fiat Chrysler Automobiles FCA from 2013 to 2015 models, allows remote attackers in the same cellular network to control vehicle movement, cause human harm or physical damage, or modify dashboard settings via vectors related ...

CVE-2015-5611

CVE-2015-5611 covers a missing authentication vulnerability in FCA Uconnect infotainment systems (Uconnect 8.4AN/RA3/RA4) used in 2013–2015 FCA vehicles. The root cause is unauthenticated access allowing remote commands via the entertainment-system firmware and CAN bus due to insufficient Radio s...

Car Hacking Gets the Attention of Detroit and Washington

Car hacking is a relatively new phenomenon, but it is evolving at a frighteningly quick pace. While just a year or two ago security researchers were still trying to work out exactly how the internal electronics and communications gear in vehicles works, now a pair of researchers has discovered a...

Harman-Kardon Uconnect Vulnerability

OVERVIEW This advisory is a follow-up to the ICS-ALERT titled ICS-ALERT-15-203-01 FCA Uconnect VulnerabilityICS-CERT ALERT, https://ics-cert.us-cert.gov/alerts/ICS-ALERT-15-203-01, web site last accessed September 17, 2015. that was published July 22, 2015, on the NCCIC/ICS-CERT web site. Chris...