Major Vulnerabilities Discovered in Automotive Giants
This post is also available in: 
עברית (Hebrew)
Researchers found new critical vulnerabilities in various automotive giants such as Tesla, Ferrari, BMW, Toyota, and others. The researchers found a compromise in a yet undisclosed system used by the manufacturer AT&T which impacts several giant automotive companies that utilized the system. This vulnerability could potentially allow a threat actor to send and receive text messages, retrieve live geolocation, and disable hundreds of millions of SIM cards installed in Tesla, Subaru, Toyota, and Mazda vehicles, among others.
“The impact of this vulnerability went far beyond the scope of car hacking and affected nearly every industry (nearly anything which uses a SIM card),” researchers add.
According to reports by Cybernews.com, North America’s largest device-independent telematics company Spireon also found itself under the spotlight. Its discovered vulnerabilities included remote code execution on core systems for managing 1.2 million user accounts, full administrator access to a company-wide administration panel allowing to send arbitrary commands to an estimated 15.5 million vehicles and navigate location, as well as the ability to fully take over any vehicle, including police and ambulances.
According to the researchers, a vulnerability that arises from broken access control in Toyota’s financial web applications discloses the name, phone number, email address, and loan status of any Toyota financial customers.
Additional companies which were found to be compromised include Mercedes-Benz, Ford, SiriusXM, Reviver, Jaguar, Porsche, Land Rover, Hyundai, Genesis, Kia, Honda, Infiniti, Nissan, and Acura.
Prepared to dive into the world of futuristic technology? Attend INNOTECH 2023, the international convention and exhibition for cyber, HLS and innovation at Expo, Tel Aviv, on March 29th-30th
Interested in sponsoring / a display booth at the 2023 INNOTECH exhibition? Click here for details!
