January 16 2023

web3 16-01-2023, 12:23 Information security 173

Automakers, in pursuit of active and passive safety, should also think about information security.

While BMW, Mercedes, Toyota and other popular manufacturers were engaged in crash tests of their cars, cybersecurity researcher Sam Curry and his colleagues discovered many vulnerabilities in cars and services implemented by automotive solution providers.

As it turned out, more than a dozen car manufacturers use vulnerable APIs that can allow potential attackers to perform a fairly wide range of malicious actions, from unlocking cars to tracking them.

The flaws discovered by the experts affected cars of popular brands, including Kia, Honda, Infiniti, Nissan, Acura, Mercedes-Benz, Genesis, BMW, Rolls Royce, Ferrari, Ford, Porsche, Toyota, Jaguar and Land Rover.

The research team also found flaws in the services provided by Reviver, SiriusXM and Spireon.

Ridiculous as it may sound, it is not only the owner of a wonderful car who can "manage a dream" and use "the best or nothing": exploiting some of the vulnerabilities gives access to hundreds of critical internal applications.

At Mercedes, for example, an incorrectly configured SSO (single sign-on) let an attacker achieve remote code execution on several systems, which allowed access to the memory contents of some systems and could lead to the disclosure of the personal data of an employee or client.

The researchers managed to gain access to private GitHub instances, internal chat channels on Mattermost (which works like Slack), servers, Jenkins and AWS instances, XENTRY systems that connect to customers' cars, and much more.

In the case of BMW and Rolls Royce, experts were able to access internal dealer portals, request a VIN for any car and obtain sale documents, including confidential information about the owner.

In the case of Kia, the specialists managed to achieve a complete takeover of cars through an outdated dealer portal.

At Porsche, a vulnerability was identified that made it possible to obtain the location of a car, send commands to the car and obtain information about customers.

The experts also demonstrated how to use some flaws to gain access to the Reviver license plate service and update the status of any vehicle to "stolen", which updates the license plate and informs law enforcement agencies.

If the manufacturers and service providers are to be believed, all the vulnerabilities discovered by the experts have been fixed, but the warning bell is extremely alarming and, probably, in the future we will yet see a true uprising of the machines.
