Security News
An ex-Tesla staffer has filed a proposed class action lawsuit that blames poor access control at the carmaker for a data leak, weeks after Tesla itself sued the alleged leakers, two former employees. As a result of Defendant's inadequate data security and inadequate or negligent training of its employees, on or around May 10, 2023, a foreign media outlet, Handelsblatt, informed Tesla that it had obtained Tesla confidential information.
The likelihood of substantially more frequent, devious, and harmful attacks is portended by the complex attacks on connected cars that we have seen devised by industry researchers. How are attacks on tomorrow's connected cars likely to evolve?
In this Help Net Security video, Eve Maler, CTO at ForgeRock, discusses how digital identity can help create a more secure connected car experience and what car manufacturers should consider...
Ford is warning of a buffer overflow vulnerability in its SYNC3 infotainment system used in many Ford and Lincoln vehicles, which could allow remote code execution, but says that vehicle driving safety isn't impacted. The vulnerability is tracked as CVE-2023-29468 and is in the WL18xx MCP driver for the WiFi subsystem incorporated in the car's infotainment system, which allows an attacker in WiFi range to trigger buffer overflow using a specially crafted frame.
The person claims a few of them walking together one night saw a cone on the hood of an AV, which appeared disabled. They weren't sure at the time which came first; perhaps someone had placed the cone on the AV's hood to signify it was disabled rather than the other way around.
The Russian state-sponsored hacking group 'APT29' has been using unconventional lures like car listings to entice diplomats in Ukraine to click on malicious links that deliver malware. APT29 is linked to the Russian government's Foreign Intelligence Service and has been responsible for numerous cyberespionage campaigns targeting high-interest individuals across the globe.
While security cameras are commonplace in American cities, self-driving cars represent a new level of access for law enforcement and a new method for encroachment on privacy, advocates say. Crisscrossing the city on their routes, self-driving cars capture a wider swath of footage.
Hyundai and Kia cars were stolen 977 times in New York City in the first four months of 2023, and authorities have had enough. "This represents a roughly 660 percent increase in thefts of Kia and Hyundai vehicles as compared to those same months in 2022, when there were only 148 such thefts," blasts the complaint [PDF] filed with the United States District Court, Southern District of New York.
For decades, features have accumulated like cruft in new vehicles: a box here to control the antilock brakes, a module there to run the cruise control radar, and so on. Now engineers and designers are rationalizing the way they go about building new models, taking advantage of much more powerful hardware to consolidate all those discrete functions into a small number of domain controllers.
Toyota Motor Corporation disclosed a data breach on its cloud environment that exposed the car-location information of 2,150,000 customers for ten years, between November 6, 2013, and April 17, 2023. While there is no evidence that the data was misused, unauthorized users could have accessed the historical data and possibly the real-time location of 2.15 million Toyota cars.