Security News > 2020 > March > Vulnerabilities Expose Lexus, Toyota Cars to Hacker Attacks
Vulnerabilities in Lexus and Toyota cars could be exploited by hackers to launch remote attacks against affected vehicles, researchers at China-based Tencent Keen Security Lab discovered.
Research into the AVN system in the 2017 Lexus NX300 - the same system is also used in other models, including LS and ES series - has revealed security issues with the Bluetooth and vehicular diagnosis functions on the car.
The Lexus AVN consists of the DCU and MEU, with the main board of the DCU exposing attack surfaces such as Wi-Fi, Bluetooth and USB interfaces.
The Chinese researchers leveraged two vulnerabilities to target the in-vehicle Bluetooth service and achieve remote code execution in the DCU system with root privileges.
"Thus, Toyota believes that exploiting these vulnerabilities in the manner developed by Keen Lab is extremely sophisticated, and the likelihood of this condition to occur in the real world is limited," the vehicle maker says.
News URL
Related news
- Unpatched AVTECH IP Camera Flaw Exploited by Hackers for Botnet Attacks (source)
- Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack (source)
- Russian military hackers linked to critical infrastructure attacks (source)
- U.S. Offers $10 Million for Info on Russian Cadet Blizzard Hackers Behind Major Attacks (source)
- Chinese hackers use new data theft malware in govt attacks (source)
- Israel’s Pager Attacks and Supply Chain Vulnerabilities (source)
- Hackers deploy AI-written malware in targeted attacks (source)
- N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks (source)
- Hackers Could Have Remotely Controlled Kia Cars Using Only License Plates (source)
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)