DISC InfoSec blog

From a detailed report – compiled by security researcher Sam Curry – the findings are an alarming indication that in its haste to roll out digital and online features, the automotive industry is doing a sloppy job of securing its online ecosystem. https://lnkd.in/gdAXGjaN The web applications and APIs of major car manufacturers, telematics (vehicle tracking and logging technology) […]

The impacted automotive giants include BMW, Toyota, Ford, Honda, Mercedes-Benz and many more… These API vulnerabilities exposed vehicles to information theft, account takeover, remote code execution (RCE), and even hijacking of physical commands such as starting and stopping engines. Millions of vehicles belonging to 16 different manufacturers had completely exposed API vulnerabilities which could be abused to […]

The majority of major automobile manufacturers have addressed vulnerability issues that would have given hackers access to their vehicles to perform the following activities remotely:- Lock the car Unlock the car Start the engine Press the horn Flas the headlights Open the trunk of certain cars made after 2012 Locate the car Flaw in SiriusXM […]

Multiple flaws in MiCODUS MV720 Global Positioning System (GPS) trackers shipped with over 1.5 million vehicles can allow hackers to remotely hack them. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published an advisory to warn of multiple security vulnerabilities in MiCODUS MV720 Global Positioning System (GPS) trackers which are used by over 1.5 million vehicles. An attacker can […]