Hackers Could Turn Off Your Car Engine – While You Are Driving

Bosch’s Drivelog Connect product, which enables you to monitor your car’s performance from your smartphone, can be exploited by hackers to shut off your engine while you are driving.
 
Researchers at security firm Argus found a vulnerability in the authentication process between the Drivelog Connector dongle, which connects to the car’s diagnostics interface, and the Drivelog Connect smartphone app.
 
The resulting information leakage enabled the researchers to “brute-force” the PIN and connect to the dongle through Bluetooth.
 
Once they connected to the dongle, the researchers were able to exploit security holes in the message filter to inject malware into the vehicle’s controller area network (CAN bus). They then shut off the engine of the moving car. The CAN bus enables microcontrollers and devices to communicate with each other without a host computer.
 
The researchers explained that attackers could also manipulate other vehicle systems connected to the network.
 
Argus informed Bosch of the vulnerabilities  and the following day Bosch responded that it was working to fix the problem. In an advisory published recently, Bosh said it activated two-step authentication and updated the dongle’s firmware to address the vulnerabilities identified and exploited by the researchers.
 
What the Argus researchers found is disturbing, but the fact that the attackers have to be within Bluetooth range limits its impact since the attackers would have to be close to the target vehicle in order to shut off the engine.

IT Securitywriter.com

You Might Also Read:

Older Cars Can Connect To Modern Smartphones:

No Need To Shoot Down Drones – Just Hijack Them:

Connected-Cars Could Cost Your Privacy:

 

« Cardiff Cyber Security Research Centre - 'first in Europe'
Getting Intelligence Agencies To Adapt To Life Out Of The Shadows »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clearwater Security & Compliance

Clearwater Security & Compliance

Clearwater Compliance specialize in Privacy, Security, Compliance and Risk Management Solutions for Health Care, Law Firms and other businesses.

Mi-Token

Mi-Token

Mi-Token is an advanced two-factor authentication solution that offers unparalleled security, flexibility, cost-effectiveness and ease of use.

Meiya Pico Information Co

Meiya Pico Information Co

Meiya Pico is the leading digital forensics and information security products and service provider in China.

Secucloud

Secucloud

Secucloud GmbH is a provider of high-availability cyber-security solutions, offering a cloud-based security-as-a-service platform, particularly for providers.

Air Informatics

Air Informatics

Air Informatics LLC provides security, information management, analytics and informatics for IT and wirelessly enabled airplanes and operations.

Irish National Accreditation Board (INAB)

Irish National Accreditation Board (INAB)

INAB is the national accreditation body for Ireland. The directory of members provides details of organisations offering certification services for ISO 27001.

CyberDegrees.org

CyberDegrees.org

CyberDegrees.org aims to provide top-notch information for students seeking Cyber Security education and career guidance.

Munich Re

Munich Re

Munich Re is a leading global provider of reinsurance, primary insurance and insurance-related risk solutions including Cyber.

Eaton

Eaton

Eaton provides comprehensive cybersecurity services for operational technology (OT) to help keep your operations and personnel safe.

Point Predictive

Point Predictive

Point Predictive build Predictive Models using Artificial Intelligence and Machine Learning techniques that help our customers stop fraud and early payment default (EPD).

MCPc

MCPc

MCPc improves the security and well-being of our clients. We protect data, manage the complexity and sustainability of technology, empower employee performance, and ultimately reduce business risk.

HARMAN International

HARMAN International

HARMAN designs and engineers connected products and solutions for automakers, consumers, and enterprises worldwide.

Prelude

Prelude

Prelude offer the first autonomous platform built to attack, defend and train critical assets through continuous red-teaming.

Numen Cyber Technology

Numen Cyber Technology

Numen Cyber Technology is committed to becoming a Threat Discovery and Response expert for corporate customers.

Varutra Consulting

Varutra Consulting

Varutra Consulting is an Cyber Security Consulting, Solutions and Training services firm, providing specialized security services for software, mobile and network.

ReachOut Technology

ReachOut Technology

ReachOut is a transformative approach to IT Security, Support, and Guidance. But we’re more than that. We’re passionate IT experts driven to make solutions to your problems.