Security News > 2020 > March > Vulnerabilities Expose Lexus, Toyota Cars to Hacker Attacks
Vulnerabilities in Lexus and Toyota cars could be exploited by hackers to launch remote attacks against affected vehicles, researchers at China-based Tencent Keen Security Lab discovered.
Research into the AVN system in the 2017 Lexus NX300 - the same system is also used in other models, including LS and ES series - has revealed security issues with the Bluetooth and vehicular diagnosis functions on the car.
The Lexus AVN consists of the DCU and MEU, with the main board of the DCU exposing attack surfaces such as Wi-Fi, Bluetooth and USB interfaces.
The Chinese researchers leveraged two vulnerabilities to target the in-vehicle Bluetooth service and achieve remote code execution in the DCU system with root privileges.
"Thus, Toyota believes that exploiting these vulnerabilities in the manner developed by Keen Lab is extremely sophisticated, and the likelihood of this condition to occur in the real world is limited," the vehicle maker says.
News URL
Related news
- Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber Attack (source)
- GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks (source)
- New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors (source)
- TechRepublic EXCLUSIVE: New Ransomware Attacks are Getting More Personal as Hackers ‘Apply Psychological Pressure” (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)