Hackers Could Turn Off Your Car Engine – While You Are Driving

Uploaded on 2017-05-04 in BUSINESS-Services-Transport & Travel, FREE TO VIEW, NEWS-Cybersecurity News, TECHNOLOGY--Hackers

Bosch’s Drivelog Connect product, which enables you to monitor your car’s performance from your smartphone, can be exploited by hackers to shut off your engine while you are driving.
 
Researchers at security firm Argus found a vulnerability in the authentication process between the Drivelog Connector dongle, which connects to the car’s diagnostics interface, and the Drivelog Connect smartphone app.
 
The resulting information leakage enabled the researchers to “brute-force” the PIN and connect to the dongle through Bluetooth.
 
Once they connected to the dongle, the researchers were able to exploit security holes in the message filter to inject malware into the vehicle’s controller area network (CAN bus). They then shut off the engine of the moving car. The CAN bus enables microcontrollers and devices to communicate with each other without a host computer.
 
The researchers explained that attackers could also manipulate other vehicle systems connected to the network.
 
Argus informed Bosch of the vulnerabilities  and the following day Bosch responded that it was working to fix the problem. In an advisory published recently, Bosh said it activated two-step authentication and updated the dongle’s firmware to address the vulnerabilities identified and exploited by the researchers.
 
What the Argus researchers found is disturbing, but the fact that the attackers have to be within Bluetooth range limits its impact since the attackers would have to be close to the target vehicle in order to shut off the engine.

IT Securitywriter.com

You Might Also Read:

Older Cars Can Connect To Modern Smartphones:

No Need To Shoot Down Drones – Just Hijack Them:

Connected-Cars Could Cost Your Privacy:

 

« Cardiff Cyber Security Research Centre - 'first in Europe'
Getting Intelligence Agencies To Adapt To Life Out Of The Shadows »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Versasec

Versasec

Versasec is a leader in identity and access management, providing customers with security solutions for managing digital identities.

Cleafy

Cleafy

Cleafy are a team of fraud hunters, cybersecurity experts, data scientists, and software engineers. Our purpose is to make people’s life easier and free from the threats in the digital ecosystem.

MaxMind

MaxMind

MaxMind is an industry-leading provider of IP intelligence and online fraud detection tools.

Prim'X Technologies

Prim'X Technologies

Prim'X Technologies provides information protection solutions to prevent unauthorised access to sensitive data.

Torsion Information Security

Torsion Information Security

Torsion is an innovative information security and compliance engine, which runs either in the cloud or your data centre.

GraVoc

GraVoc

GraVoc is a technology-consulting firm committed to solving business problems for customers through the development, implementation, & support of technology-based solutions.

QOMPLX

QOMPLX

QOMPLX integrate, contextualize, and analyze data from virtually any source to help you identify operational risk and inefficiencies throughout the enterprise.

BEAM Teknoloji

BEAM Teknoloji

BEAM Technology is an independent Software Quality and Security Testing Center in Turkey.

HighPoint

HighPoint

HighPoint is a leading technology infrastructure solutions provider offering consultancy, solutions and managed services for network infrastructure and cybersecurity.

AlJammaz Technologies

AlJammaz Technologies

AlJammaz Technologies is the leading Technology Value-Added Distributor, which distributes advanced technology products, solutions and services in area including networking and cybersecurity.

Datenschutz Schmidt

Datenschutz Schmidt

Datenschutz Schmidt is a service provider with many years of experience, we support you in complying with numerous data protection guidelines, requirements and laws.

Sevco Security

Sevco Security

Sevco Delivers Real-time Asset Intelligence to Identify and Close Unknown Security Gaps.

Red Goat Cyber Security

Red Goat Cyber Security

Red Goat Cyber Security have created excellent, informative and interactive Social Engineering Awareness training which is suitable for all levels of staff.

NetCentrics

NetCentrics

NetCentrics leverages an innovative, agile, ‘what’s-next’ approach to our customers’ IT and cyber challenges.

Sprocket Security

Sprocket Security

Sprocket Security protects your business by monitoring the cybersecurity landscape and performing continuous penetration testing services.

Qryptonic

Qryptonic

Qryptonic pioneers next-generation cybersecurity by leveraging the unparalleled capabilities of quantum computing to defend against evolving threats.