Security News

Car Thieves Hacking the CAN Bus
2023-04-11 11:22

Car thieves are injecting malicious software into a car’s network through wires in the headlights (or taillights) that fool the car into believing that the electronic key is nearby. News articles.

Microsoft delays Exchange Online CARs deprecation until 2024
2023-04-08 14:05

Microsoft announced today that Client Access Rules deprecation in Exchange Online will be delayed by one year until September 2024. Microsoft 365 administrators can utilize CARs comprising priority values, exceptions, actions, and conditions to filter client access to Exchange Online using various factors.

CAN do attitude: How thieves steal cars using network bus
2023-04-06 10:34

Automotive security experts say they have uncovered a method of car theft relying on direct access to the vehicle's system bus via a smart headlamp's wiring. A Controller Area Network bus is present in nearly all modern cars, and is used by microcontrollers and other devices to talk to each other within the vehicle and carry out the work they are supposed to do.

Ferrari in a spin as crims steal a car-load of customer data
2023-03-21 01:45

Italian automaker Ferrari has warned its well-heeled customers that their personal data may be at risk. "We regret to inform you of a cyber incident at Ferrari, where a threat actor was able to access a limited number of systems in our IT environment," opens a letter sent to Ferrari owners, including one Reg reader who was kind enough to share it.

Hyundai, Kia patch bug allowing car thefts with a USB cable
2023-02-15 18:11

Automakers Hyundai and KIA are rolling out an emergency software update on several of their car models impacted by an easy hack that makes it possible to steal them."In response to increasing thefts targeting its vehicles without push-button ignitions and immobilizing anti-theft devices in the United States, Hyundai is introducing a free anti-theft software upgrade to prevent the vehicles from starting during a method of theft popularized on TikTok and other social media channels," reads Hyundai's announcement.

Hyundai and Kia issue software upgrades to thwart killer TikTok car theft hack
2023-02-15 07:29

Korean car-makers Hyundai and Kia will issue software updates to some of their models after a method of stealing them circulated on TikTok, leading to many thefts and even some deaths. The "Kia Challenge" started circulating in mid-2022 and explained that it's possible to remove the steering column covering on some Hyundai and Kia models by force, exposing a slot that fits a USB-A plug.

Another RAC staffer nabbed for storing, sharing car crash data
2023-02-03 11:30

A former employee of RAC, one of Britain's major roadside recovery service operators, has pleaded guilty to data theft after he stored traffic accident information on his personal device that was passed onto claims companies. He admitted two counts of data theft last month, the UK data watchdog said.

How to track equipped cars via exploitable e-ink platemaker
2023-01-10 16:18

California's street-legal ink license plates only received a nod from the US government in October, but reverse engineers have already discovered vulnerabilities in the system allowing them to track each plate, reprogram them or even delete them at a whim. In a blog post by security researcher Sam Curry, he describes a project targeting digital license plate maker Reviver put together with some friends, among several other automotive security experiments.

Millions of Vehicles at Risk: API Vulnerabilities Uncovered in 16 Major Car Brands
2023-01-09 10:30

Multiple bugs affecting millions of vehicles from 16 different manufacturers could be abused to unlock, start, and track cars, plus impact the privacy of car owners. The research builds on earlier findings from late last year, when Yuga Labs researcher Sam Curry et al detailed security flaws in a connected vehicle service provided by SiriusXM that could potentially put cars at risk of remote attacks.

SiriusXM Vulnerability Lets Hackers Remotely Unlock and Start Connected Cars
2022-12-05 11:08

Cybersecurity researchers have discovered a security vulnerability that exposes cars from Honda, Nissan, Infiniti, and Acura to remote attacks through a connected vehicle service provided by SiriusXM. The issue could be exploited to unlock, start, locate, and honk any car in an unauthorized manner just by knowing the vehicle's vehicle identification number, researcher Sam Curry said in a Twitter thread last week. SiriusXM's Connected Vehicles Services are said to be used by more than 10 million vehicles in North America, including Acura, BMW, Honda, Hyundai, Infiniti, Jaguar, Land Rover, Lexus, Nissan, Subaru, and Toyota.