13 matches found
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the vehicle authentication. An attacker can impersonate arbitrary vehicle identification numbers VINs by submitting falsified telemetry records using compromised client credentials. Remediation Upgrade...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the vehicle authentication. An attacker can impersonate arbitrary vehicle identification numbers VINs by submitting falsified telemetry records using compromised client credentials. Remediation Upgrade...
Should you let Chrome store your driver’s license and passport?
Google has rolled out a new autofill feature for Chrome that goes beyond storing just your passwords, addresses, and credit card numbers. The new "enhanced autofill" can now stash your driver's license, passport details, VIN, or license plate information. Sounds convenient, right? But just becaus...
Online portal exposed car and personal data, allowed anyone to remotely unlock cars
A carmaker’s online dealership portal has been found leaking the private information and vehicle data of its customers. This also meant that anyone with access could remotely break into a car. Researcher Eaton Zveare shared his discovery with TechCrunch. Although he said he has chosen not to...
Hackers Could Have Remotely Controlled Kia Cars Using Only License Plates
Cybersecurity researchers have disclosed a set of now patched vulnerabilities in Kia vehicles that, if successfully exploited, could have allowed remote control over key functions simply by using only a license plate. "These attacks could be executed remotely on any hardware-equipped vehicle in...
Skoda Security Breach
Skoda is a line of automobiles from Skoda Inc. A security vulnerability exists in Skoda Automotive that originates from allowing access to user nicknames and identifiers by specifying arbitrary vehicle VIN numbers...
PT-2024-12183 · Skoda · Skoda Automotive Cloud
Name of the Vulnerable Software and Affected Versions: Skoda Automotive cloud affected versions not specified Description: The issue allows attackers to obtain nicknames and other user identifiers of Skoda Connect service users by specifying an arbitrary vehicle VIN number, due to a Broken Access...
A week in security (December 5 - 11)
Last week on Malwarebytes Labs: Security advisories are falling short. Here's why, with Dustin Childs: Lock and Code S03E25 Eufy "no cloud" security cameras streaming data to the cloud Snapchat gives Californians more power over their personal data Update now! Emergency fix for Google Chrome's V8...
Vehicle Identification Numbers reveal driver data via telematics
There are many ways that data collection, and data availability, make less sense as the years pass by. This is frequently accompanied by a resistance to change, to improve these processes, because "thats how weve always done it". Sadly this is often the case even when those data collectors have...
SiriusXM Vulnerability Lets Hackers Remotely Unlock and Start Connected Cars
Cybersecurity researchers have discovered a security vulnerability that exposes cars from Honda, Nissan, Infiniti, and Acura to remote attacks through a connected vehicle service provided by SiriusXM. The issue could be exploited to unlock, start, locate, and honk any car in an unauthorized manne...
CVE-2020-29439
Tesla Model X vehicles before 2020-11-23 have key fobs that rely on five VIN digits for the authentication needed for a body control module BCM to initiate a Bluetooth wake-up action. The full VIN is visible from outside the vehicle...
Tesla Model X Security Breach
Tesla The Tesla Model X is a new energy vehicle from the American company Tesla. A security vulnerability exists in versions of Tesla Model X vehicles prior to 2020-11-23, which stems from the fact that its key fobs rely on 5 VIN digits for authentication, and the Body Control Module BCM is...
Millions of Honda/Acura owners affected by hacked Honda database !
The Japanese motor company, Honda, today issued an alert to U.S. customers concerning a security breach resulting from a hacked database. The database that was managed by a third-party marketing group contained confidential information, including names of car owners, personal e-mail addresses, an...