Hackers Could Turn Off Your Car Engine – While You Are Driving

Uploaded on 2017-05-04 in BUSINESS-Services-Transport & Travel, FREE TO VIEW, NEWS-Cybersecurity News, TECHNOLOGY--Hackers

Bosch’s Drivelog Connect product, which enables you to monitor your car’s performance from your smartphone, can be exploited by hackers to shut off your engine while you are driving.
 
Researchers at security firm Argus found a vulnerability in the authentication process between the Drivelog Connector dongle, which connects to the car’s diagnostics interface, and the Drivelog Connect smartphone app.
 
The resulting information leakage enabled the researchers to “brute-force” the PIN and connect to the dongle through Bluetooth.
 
Once they connected to the dongle, the researchers were able to exploit security holes in the message filter to inject malware into the vehicle’s controller area network (CAN bus). They then shut off the engine of the moving car. The CAN bus enables microcontrollers and devices to communicate with each other without a host computer.
 
The researchers explained that attackers could also manipulate other vehicle systems connected to the network.
 
Argus informed Bosch of the vulnerabilities  and the following day Bosch responded that it was working to fix the problem. In an advisory published recently, Bosh said it activated two-step authentication and updated the dongle’s firmware to address the vulnerabilities identified and exploited by the researchers.
 
What the Argus researchers found is disturbing, but the fact that the attackers have to be within Bluetooth range limits its impact since the attackers would have to be close to the target vehicle in order to shut off the engine.

IT Securitywriter.com

You Might Also Read:

Older Cars Can Connect To Modern Smartphones:

No Need To Shoot Down Drones – Just Hijack Them:

Connected-Cars Could Cost Your Privacy:

 

« Cardiff Cyber Security Research Centre - 'first in Europe'
Getting Intelligence Agencies To Adapt To Life Out Of The Shadows »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Australian Signals Directorate (ASD)

Australian Signals Directorate (ASD)

The Australian Signals Directorate is an intelligence agency in the Australian Government Department of Defence.

Logz.io

Logz.io

Logz.io is an AI-powered log analysis platform that offers the open source ELK Stack as a enterprise-grade cloud service with machine learning technology.

e-Crime Bureau

e-Crime Bureau

e-Crime Bureau is a specialized company offering cyber/computer forensics, cyber security consulting services, forensic audit and investigations services and training to clients across Africa.

Aujas Cybersecurity

Aujas Cybersecurity

Aujas has deep expertise and capabilities in Identity and Access Management, Risk Advisory, Security Verification, Security Engineering, & Managed Detection and Response services.

BioConnect

BioConnect

BioConnect provide biometric access control solutions to verify a person’s identity across physical, IOT and digital applications.

ZEBOX

ZEBOX

ZEBOX is an international incubator & accelerator of innovative startups. Focus is on Transport/Logistics and Industry X.0 including technologies such as AI, Blockchain and Cybersecurity.

Black Hills Information Security (BHIS)

Black Hills Information Security (BHIS)

Black Hills Information Security provide security testing and vulnerability assessment services.

Injazat

Injazat

Injazat Data Systems is an industry recognized market leader in the Gulf region for Information Technology, Data Center and Managed Services.

Securd

Securd

Securd takes opportunities away from your cyber adversaries. Cloud-delivered zero-trust DNS firewall and web filtering protection keep your business network and remote employees safe.

Vantea SMART

Vantea SMART

Vantea SMART have decades of experience in cybersecurity resulting in an approach of proactive prevention - Security by Design and by Default.

ZARIOT

ZARIOT

ZARIOT's mission is to restore order to what is becoming connected chaos in IoT by bringing unrivalled security, control and quality of service.

Mainstream Technologies

Mainstream Technologies

Mainstream Technologies is an information technology services firm specializing in custom software development, managed IT services, cybersecurity services and hosting.

Secfix

Secfix

Secfix helps companies get secure and compliant in weeks instead of months. We are on a mission to automate security and compliance for small and medium-sized businesses.

Blue Cloud Softech Solutions

Blue Cloud Softech Solutions

Blue Cloud Softech propels inspiring digital transformations. We provide AI products, cybersecurity, healthcare technology, and cloud solutions.

Hydden

Hydden

Hydden gives security teams the ability to create a solid foundation to build a truly next-gen identity security practice by bridging the gaps between siloed teams and technologies.

IBN Technologies

IBN Technologies

IBN Technologies offerings include customized, high-end Cloud Managed Services and Cyber Security Solutions tailored to companies with critical Internet components.