Security News > 2020 > March > Vulnerabilities Expose Lexus, Toyota Cars to Hacker Attacks
Vulnerabilities in Lexus and Toyota cars could be exploited by hackers to launch remote attacks against affected vehicles, researchers at China-based Tencent Keen Security Lab discovered.
Research into the AVN system in the 2017 Lexus NX300 - the same system is also used in other models, including LS and ES series - has revealed security issues with the Bluetooth and vehicular diagnosis functions on the car.
The Lexus AVN consists of the DCU and MEU, with the main board of the DCU exposing attack surfaces such as Wi-Fi, Bluetooth and USB interfaces.
The Chinese researchers leveraged two vulnerabilities to target the in-vehicle Bluetooth service and achieve remote code execution in the DCU system with root privileges.
"Thus, Toyota believes that exploiting these vulnerabilities in the manner developed by Keen Lab is extremely sophisticated, and the likelihood of this condition to occur in the real world is limited," the vehicle maker says.
News URL
Related news
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- CUPS vulnerabilities could be abused for DDoS attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- Hackers increasingly use Winos4.0 post-exploitation kit in attacks (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)