Hackers Could Turn Off Your Car Engine – While You Are Driving

Bosch’s Drivelog Connect product, which enables you to monitor your car’s performance from your smartphone, can be exploited by hackers to shut off your engine while you are driving.
 
Researchers at security firm Argus found a vulnerability in the authentication process between the Drivelog Connector dongle, which connects to the car’s diagnostics interface, and the Drivelog Connect smartphone app.
 
The resulting information leakage enabled the researchers to “brute-force” the PIN and connect to the dongle through Bluetooth.
 
Once they connected to the dongle, the researchers were able to exploit security holes in the message filter to inject malware into the vehicle’s controller area network (CAN bus). They then shut off the engine of the moving car. The CAN bus enables microcontrollers and devices to communicate with each other without a host computer.
 
The researchers explained that attackers could also manipulate other vehicle systems connected to the network.
 
Argus informed Bosch of the vulnerabilities  and the following day Bosch responded that it was working to fix the problem. In an advisory published recently, Bosh said it activated two-step authentication and updated the dongle’s firmware to address the vulnerabilities identified and exploited by the researchers.
 
What the Argus researchers found is disturbing, but the fact that the attackers have to be within Bluetooth range limits its impact since the attackers would have to be close to the target vehicle in order to shut off the engine.

IT Securitywriter.com

You Might Also Read:

Older Cars Can Connect To Modern Smartphones:

No Need To Shoot Down Drones – Just Hijack Them:

Connected-Cars Could Cost Your Privacy:

 

« Cardiff Cyber Security Research Centre - 'first in Europe'
Getting Intelligence Agencies To Adapt To Life Out Of The Shadows »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Airbus Cybersecurity

Airbus Cybersecurity

Airbus CyberSecurity is a European specialist in cyber security. Our mission is to protect governments, military and critical national infrastructure enterprises from cyber threats.

NTNU Center for Cyber & Information Security (NTNU CCIS)

NTNU Center for Cyber & Information Security (NTNU CCIS)

NTNU CCIS is a national centre for research, education, testing, training and competence development within the area of cyber and information security.

Data Resolve Technologies

Data Resolve Technologies

Data Resolve offer a mechanism through which customers can detect and tackle various kinds of sensitive activities pertaining to data loss and data theft.

Atempo

Atempo

Atempo is a leading independent European-based software vendor with a global presence. We provide solutions to protect, store, move and recover all your data.

VU Security

VU Security

VU is a specialist in Cybersecurity software development with a focus on the prevention of fraud and identity theft.

Vintegris

Vintegris

Vintegris are a Certification Authority and manufacturer of innovative systems and applications for the full cycle of digital identity.

DataTribe

DataTribe

DataTribe is a cyber startup foundry, leveraging deep experience and expertise to build and launch successful product companies.

CounterFind

CounterFind

CounterFind is turnkey technology that allows brands to find and remove counterfeit and infringing merchandise from online marketplaces and social media sites.

Envieta

Envieta

Envieta is a leader in cryptographic solutions. From server to sensor, we design and implement powerful security into new or existing infrastructure.

CyberUK

CyberUK

CYBERUK is the UK government’s flagship cyber security event and the authoritative event for the UK’s cyber security community.

Digitale Gründerinitiative Oberpfalz (DGO)

Digitale Gründerinitiative Oberpfalz (DGO)

Digital Founder Initiative Oberpfalz's goal is to build a sustainable start-up culture in the field of digitization throughout the Upper Palatinate district of Bavaria.

CAT Labs

CAT Labs

CAT Labs is building digital asset recovery and cybersecurity tools to enable governments to fight crypto crime and to protect investors from hacks, fraud and scams.

Xcelerate Solutions

Xcelerate Solutions

Xcelerate Solutions is a leading defense and national security company, providing integrated solutions in three service areas – Enterprise Security, Digital Transformation, and Strategic Consulting.

Security Solutions Services (S-3)

Security Solutions Services (S-3)

S-3 specialize in crafting tailored network design, security hardware, software, and storage solutions for businesses of all sizes.

Hiya

Hiya

Hiya's mission is to secure voice with trust, identity and intelligence. We're protecting people from spam and fraud calls, and helping carriers secure their networks for all.

DigiGlass

DigiGlass

DigiGlass is a cutting-edge cybersecurity service provider powered by Redington Gulf, a leading technology distributor in the Middle East and Africa.