Security News > 2020 > March > Vulnerabilities Expose Lexus, Toyota Cars to Hacker Attacks
Vulnerabilities in Lexus and Toyota cars could be exploited by hackers to launch remote attacks against affected vehicles, researchers at China-based Tencent Keen Security Lab discovered.
Research into the AVN system in the 2017 Lexus NX300 - the same system is also used in other models, including LS and ES series - has revealed security issues with the Bluetooth and vehicular diagnosis functions on the car.
The Lexus AVN consists of the DCU and MEU, with the main board of the DCU exposing attack surfaces such as Wi-Fi, Bluetooth and USB interfaces.
The Chinese researchers leveraged two vulnerabilities to target the in-vehicle Bluetooth service and achieve remote code execution in the DCU system with root privileges.
"Thus, Toyota believes that exploiting these vulnerabilities in the manner developed by Keen Lab is extremely sophisticated, and the likelihood of this condition to occur in the real world is limited," the vehicle maker says.
News URL
Related news
- 390,000 WordPress accounts stolen from hackers in supply chain attack (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)
- Russian hackers use RDP proxies to steal data in MiTM attacks (source)
- FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks (source)
- Chinese hackers targeted sanctions office in Treasury attack (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Subaru Starlink flaw let hackers hijack cars in US and Canada (source)
- Google says hackers abuse Gemini AI to empower their attacks (source)