Security News
Steel giant ThyssenKrupp confirms that hackers breached systems in its Automotive division last week, forcing them to shut down IT systems as part of its response and containment effort. ThyssenKrupp AG is one of the world's largest steel producers, employing over 100,000 personnel and having an annual revenue of over $44.4 billion.
Five $60,000 bounties - the second-highest monetary awards behind Synacktiv's $100k Tesla hacks - were awarded for attacks on EV chargers manufactured by Emporia, ChargePoint, Ubiquiti, Phoenix and JuiceBox. Three attacks against Automotive Grade Linux were also attempted, with only one succeeding.
The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26.After a zero-day vulnerability is exploited and reported to vendors during Pwn2Own, they have 90 days to release security patches before Trend Micro's Zero Day Initiative discloses it publicly.
Security researchers hacked a Tesla Modem and collected awards of $722,500 on the first day of Pwn2Own Automotive 2024 for three bug collisions and 24 unique zero-day exploits. Synacktiv Team took home $100,000 after successfully chaining three zero-day bugs to get root permissions on a Tesla Modem.
Researchers have discovered over two dozen vulnerabilities in "Smart" cordless nutrunners manufactured by Bosch Rexroth that could be exploited to make the devices inoperable or their output unreliable. The device supports a number of communication protocols that are used to integrate it with SCADA systems, PLCs, or other production devices.
Eagers Automotive has announced it suffered a cyberattack and was forced to halt trading on the stock exchange as it evaluates the impact of the incident. Eagers Automotive is the largest operator of car dealerships in Australia and New Zealand, with over 300 selling points for brands such as Toyota, BMW, Nissan, Mercedes-Benz, Audi, Ford, VW, and Honda.
In this Help Net Security video, Jay Yaneza, Cybersecurity Architect at VicOne, discusses how, in the first half of the year, cyberattacks on the automotive sector caused losses exceeding $11 billion. These attacks mainly targeted automotive suppliers, not OEMs, showing an increasing trend in supply chain vulnerabilities.
The Qilin ransomware group has claimed responsibility for a cyber attack on Yanfeng Automotive Interiors, one of the world's largest automotive parts suppliers. The Qilin ransomware group, also known as "Agenda," claimed the attack on Yanfeng by adding them to their Tor data leak extortion site yesterday.
As connected cars become a standard feature in the market, the significance of automotive cybersecurity rises, playing an essential role in ensuring the safety of road users. In this Help Net Security video, Samantha Beaumont, Principal Security Consultant at IOActive, sheds light on the challenges and possible solutions to the cybersecurity threats that modern vehicles encounter.
While it seemed like automotive cybersecurity would never outpace these modern laptop-wielding gearheads, John Heldreth, Head of Car Security Operations at Volkswagen AG, had a different idea. Taking a unique approach, John offers another way to view cybersecurity.