1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Your in-car entertainment system and EV charger likely have big s

    From TechnologyDaily@1337:1/100 to All on Mon Jan 29 12:30:04 2024
    Your in-car entertainment system and EV charger likely have big security flaws, hackers find

    Date:
    Mon, 29 Jan 2024 12:16:03 +0000

    Description:
    A recent Pwn2Own Automotive hacking competition unearthed 49 serious security flaws in an array of infotainment systems and EV chargers.

    FULL STORY ======================================================================

    Dozens of vulnerabilities have been discovered in vehicle charging systems, in-car entertainment technology and modem subsystems from some of the worlds biggest automotive suppliers, including Tesla.

    The vulnerabilities, which numbered almost 50 in total, were unearthed thanks to the Pwn2Own Automotive hacking competition, which took place during the Automotive World conference in Tokyo earlier this month.

    The Pwn2Own concept, which was first launched in 2007, sees some of the world's leading security researchers and 'white hat' hackers gather to find security flaws in consumer technology. As of 2019, the annual competition added connected vehicles and their related infrastructure.

    During this year's three-day challenge, the competition quickly uncovered vulnerabilities in Automotive Grade Linux, ChargePoint, JuiceBox, Phoenix Contact, and Ubiquiti Connect EV Station electric vehicle chargers. In-car entertainment systems from Alpine, Pioneer, and Sony (although these tended
    to be aftermarket head units, rather than manufacturer-fitted devices) and
    the modem in Tesla vehicles were also highlighted the latter providing root access, according to Hackster.io .

    Further into the competition, additional bugs were found in chargers from Autel and Emporia, bringing the total over three days to 49 "unique zero-day vulnerabilities". The overall prize pot totaled $1 million, but Team
    Synacktiv unearthed the most security flaws and therefore took the greatest number of points, securing a total winnings of $450,000.

    In order to maintain privacy and prevent future attacks, details of the vulnerabilities are kept firmly under wraps. The only information organizers of the Zero Day Initiative (ZDI) unveils is things like "Vudq16 and Q5CA from u0K++ successfully executed a stack-based buffer overflow against the Alpine Halo9 iLX-F509". So not especially helpful for the average car owner, for
    now.

    However, detailed information becomes the property of the ZDI and is subsequently disclosed privately to each of the affected manufacturers,
    giving them a chance to release patches and avoid future issues. Analysis: Cars are digital security nightmares (Image credit: Lexus)

    One of the most popular buzzwords in automotive right now is the ' software defined vehicle ' a blanket term that relates to the burgeoning amount of connectivity found in modern cars.

    Thanks to the increased data transfer speeds of the 4G and 5G network, the cars on today's roads can be updated remotely, they can 'talk' to existing infrastructure and even other vehicles.

    Plug an EV into a public charging station and the vehicle, RFID card and/or smartphone app used during the transaction hands over a bundle of owner information, including names, email addresses and even location, browsing history and online behavioral patterns, according to an article published by the IAPP , the worlds largest global information privacy community.

    On top of this, research by Mozilla revealed that modern cars are "the worst product category we have ever reviewed for privacy" thanks to poor practices on data protection, while vulnerabilities in infotainment systems have
    allowed some security researchers to gain access to restricted vehicle features , such as those premium paid-for features found in Tesla and BMW cars, for example.

    More worrying still is the rise in vehicle theft thanks to criminals using sophisticated technology to mimic remote keyless systems. Canadas Prime Minister, Justin Trudeau, recently announced it is to hold a summit next
    month to coordinate a national response to a shocking spike in auto thefts across the country in recent years.

    Although events like the Pwn2Own Automotive competition help to expose flaws in modern vehicles and their related digital ecosystems, it only really scratches the surface of the privacy and security problems that face modern connected cars. If anything, it serves as further proof that a lot more needs to be done. You might also like Hyundai is building its own in-car AI system and it actually sounds like a good idea Digital car keys could finally get safer and more popular soon here's why Major security flaws found in Mercedes, Ferrari and other top luxury cars



    ======================================================================
    Link to news story: https://www.techradar.com/vehicle-tech/hybrid-electric-vehicles/your-in-car-en tertainment-system-and-ev-charger-likely-have-big-security-flaws-hackers-find


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)