Hackers Could Turn Off Your Car Engine – While You Are Driving

Bosch’s Drivelog Connect product, which enables you to monitor your car’s performance from your smartphone, can be exploited by hackers to shut off your engine while you are driving.
 
Researchers at security firm Argus found a vulnerability in the authentication process between the Drivelog Connector dongle, which connects to the car’s diagnostics interface, and the Drivelog Connect smartphone app.
 
The resulting information leakage enabled the researchers to “brute-force” the PIN and connect to the dongle through Bluetooth.
 
Once they connected to the dongle, the researchers were able to exploit security holes in the message filter to inject malware into the vehicle’s controller area network (CAN bus). They then shut off the engine of the moving car. The CAN bus enables microcontrollers and devices to communicate with each other without a host computer.
 
The researchers explained that attackers could also manipulate other vehicle systems connected to the network.
 
Argus informed Bosch of the vulnerabilities  and the following day Bosch responded that it was working to fix the problem. In an advisory published recently, Bosh said it activated two-step authentication and updated the dongle’s firmware to address the vulnerabilities identified and exploited by the researchers.
 
What the Argus researchers found is disturbing, but the fact that the attackers have to be within Bluetooth range limits its impact since the attackers would have to be close to the target vehicle in order to shut off the engine.

IT Securitywriter.com

You Might Also Read:

Older Cars Can Connect To Modern Smartphones:

No Need To Shoot Down Drones – Just Hijack Them:

Connected-Cars Could Cost Your Privacy:

 

« Cardiff Cyber Security Research Centre - 'first in Europe'
Getting Intelligence Agencies To Adapt To Life Out Of The Shadows »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Rockwell Automation

Rockwell Automation

Rockwell Automation offer industrial security solutions to protect the integrity and availability of your complex automation solutions.

Ground Labs

Ground Labs

Ground Labs is a security software company dedicated to making sensitive data discovery products that help organisations prevent sensitive data loss.

IoT Now

IoT Now

IoT Now explores the evolving opportunities and challenges facing CSPs, and we pass on some lessons learned from those who have taken the first steps in next gen IoT services.

Data Shepherd

Data Shepherd

Data Shepherds primary focus is to protect your business. We achieve this by offering extensive and unique expertise in innovative IT and Cyber security solutions.

Skurio

Skurio

Skurio create cost-effective, intuitive and powerful Cloud based solutions to identify threats, detect data breaches outside the network and automate the response.

Anect

Anect

Anect is a leading provider of ICT security and services for hybrid and cloud solutions.

National Cyber Security Centre (NCSC) - Ireland

National Cyber Security Centre (NCSC) - Ireland

The National Cyber Security Centre (NCSC) is the operational side of the Department of Communications in regard to network and information security in the Republic of Ireland.

C11 Cyber Security & Digital Innovation Centre

C11 Cyber Security & Digital Innovation Centre

C11 is working with local and national partners to develop talent and bring brilliant minds and brilliant businesses together.

IT Search

IT Search

IT Search is a specialist IT recruitment company focusing on Cyber Security, IT Infrastructure, Software, Data, Digital Transformation and C Suite leadership positions.

BigPanda

BigPanda

BigPanda is the first provider of Autonomous Operations solutions that empower IT Operations at large, complex enterprises.

DKBInnovative

DKBInnovative

DKBinnovative is a best-practice driven IT management firm that provides secure, reliable IT solutions to productivity-focused clients around the globe.

Reflectiz

Reflectiz

Reflectiz empowers digital businesses to make all web applications safer by non-intrusively mitigating any website risks without a single line of code.

Tentacle

Tentacle

Tentacle has developed a configurable data management tool that helps organizations to improve their information security programs and overall security posture.

Veriti

Veriti

Veriti is a unified security posture management platform that integrates with your security solutions and proactively identifies and remediates potential risks and misconfigurations.

Royal United Services Institute (RUSI)

Royal United Services Institute (RUSI)

The Royal United Services Institute is an independent think tank engaged in cutting edge defence and security research. Areas of research include cyber security and resilience.

Enterprise Strategy Group

Enterprise Strategy Group

Enterprise Strategy Group, a division of TechTarget, is an IT analyst, research, validation, and strategy firm that provides market intelligence and actionable insight to the global IT community.