Why Oslo’s Bus Security Tests Highlight the Hidden Risks of Connected Vehicles

 

Modern transportation looks very different from what it used to be, and the question of who controls a vehicle on the road no longer has a simple answer. Decades ago, the person behind the wheel was unquestionably the one in charge. But as cars, buses, and trucks increasingly rely on constant connectivity, automated functions, and remote software management, the definition of a “driver” has become more complicated. With vehicles now vulnerable to remote interference, the risks tied to this connectivity are prompting transportation agencies to take a closer look at what’s happening under the hood. 

This concern is central to a recent initiative by Ruter, the public transport agency responsible for Oslo and the surrounding Akershus region. Ruter conducted a detailed assessment of two electric bus models—one from Dutch manufacturer VDL and another from Chinese automaker Yutong—to evaluate the cybersecurity implications of integrating modern, connected vehicles into public transit networks. The goal was straightforward but crucial: determine whether any external entity could access bus controls or manipulate onboard camera systems. 

The VDL buses showed no major concerns because they lacked the capability for remote software updates, effectively limiting the pathways through which an attacker could interfere. The Yutong buses, however, presented a more complex picture. While one identified vulnerability tied to third-party software has since been fixed, Ruter’s investigation revealed a more troubling possibility: the buses could potentially be halted or disabled by the manufacturer through remote commands. Ruter is now implementing measures to slow or filter incoming signals so they can differentiate between legitimate updates and suspicious activity, reducing the chance of an unnoticed hijack attempt. 

Ruter’s interest in cybersecurity aligns with broader global concerns. The Associated Press noted that similar tests are being carried out by various organizations because the threat landscape continues to expand. High-profile demonstrations over the past decade have shown that connected vehicles are susceptible to remote interference. One of the most well-known examples was when WIRED journalist Andy Greenberg rode in a Jeep that hackers remotely manipulated, controlling everything from the brakes to the steering. More recent research, including reports from LiveScience, highlights attacks that can trick vehicles’ perception systems into detecting phantom obstacles. 

Remote software updates play an important role in keeping vehicles functional and reducing the need for physical recalls, but they also create new avenues for misuse. As vehicles become more digital than mechanical, transit agencies and governments must treat cybersecurity as a critical aspect of transportation safety. Oslo’s findings reinforce the reality that modern mobility is no longer just about engines and wheels—it’s about defending the invisible networks that keep those vehicles running.

White-Hat Hacker Exposes Car Dealership Portal Flaw That Allowed Vehicle Unlocking and Tracking

 

Imagine being able to track any car in real time, find out exactly where it’s parked, and then unlock it using just your phone. Not only that, but you could cancel car shipments or access sensitive customer data—all without ever setting foot inside a dealership. Sounds like a scene from a cyber-thriller, right? Except this actually happened, thanks to a security loophole in a major car manufacturer’s dealership portal.

Fortunately, the person who uncovered this alarming vulnerability wasn’t a criminal but cybersecurity researcher Eaton Zveare. According to TechCrunch, Zveare stumbled upon the issue during what he described as a “weekend project,” when he discovered “two simple API vulnerabilities” within the portal. Although he didn’t reveal the automaker’s name, he did confirm that it’s a “famous brand with several sub-brands.”

By exploiting the flaw, Zveare was able to grant himself administrator-level access, the highest permissions possible. That meant he could view sensitive buyer information such as names, addresses, financial details, and even VINs of vehicles parked on the street. More alarmingly, he could track rental and courtesy cars in real time and remotely unlock vehicles linked to the system. He even had the ability to cancel car shipments to more than 1,000 dealerships across the U.S.

This kind of car hacking vulnerability isn’t new. In January, Subaru faced a similar exposure, raising further concerns about the growing risks of connected car technology.

As Zveare noted, the smarter and more connected vehicles become, the greater the potential for hackers to exploit weak links. Modern car apps already let owners locate, track, and unlock their vehicles remotely—but when that same access falls into the wrong hands, it poses a massive cybersecurity threat to the automotive industry.

This isn’t Zveare’s first big discovery. In 2023, he gained access to Toyota Mexico’s customer data and, shortly before that, infiltrated Toyota’s global supplier management network—a critical system for its supply chain. He later described that flaw as “one of the most severe vulnerabilities I have ever found.”

The silver lining? Zveare responsibly reports all vulnerabilities to companies before going public, giving them time to fix the issues. He first identified the dealership portal exploit in February, and the problem has since been resolved.

Still, his findings highlight a sobering reality: if one researcher can uncover these flaws, malicious hackers may already be exploiting others that remain undiscovered.

So, while you might think locking your car is enough, in the age of connected vehicles and remote access hacks, that may no longer be the case.