Vulnerabilities found in Bosch Drivelog Connect car dongles allow an attacker to bypass authentication on the device and issue commands to cars, stopping their engines. Kyle Wilhoit, Senior Security Researcher at DomainTools commented below.
Kyle Wilhoit, Senior Security Researcher at DomainTools:
“Vehicular cybersecurity should be treated by manufacturers like that of critical SCADA environments, in my opinion. I say this because of the potential to cause harm should the environment (namely navigation, braking, and other critical systems) become compromised. Cars are becoming more virtual every day. From anti-lock braking systems to navigation control, the reliance on complex computing across a vehicle is surprising. One of the only saving graces to this technology is the attack surface. Typically to attack a vehicle’s onboard systems, the attacker would need to be within physical proximity of the vehicle. This is not always the case, and there are some remote exploit opportunities available, but those are a harder attack surface to compromise.”