Connected cars. What could possible go wrong?
"The affected companies all fixed the issues within one or two days of reporting," Curry told."We worked with all of them to validate them and make sure there weren't any bypasses."
"This would've allowed us to track and shut off starters for police, ambulances, and law enforcement vehicles for a number of different large cities and dispatch commands to those vehicles," the researchersThe bugs also gave them full administrator access to Spireon and a company-wide administration panel from which an attacker could send arbitrary commands to all 15 million vehicles, thus remotely unlocking doors, honking horns, starting engines and disabling starters.
"Additionally, an attacker could POST to the"/core/api/v1/Users/:id/Roles" endpoint to edit their user roles, setting themselves to have super-user permissions or become a Ferrari owner," the researchers said. So, for example, an attacker could access an internal dealer portal, query a VIN number and then retrieve all of the sales documents associated with the vehicle.What not to say to a bug hunter
So the team used their newly created account credentials to login to several applications containing sensitive data. Then they"achieved remote code execution via exposed actuators, spring boot consoles, and dozens of sensitive internal applications used by Mercedes-Benz employees."
Belgique Dernières Nouvelles, Belgique Actualités
Similar News:Vous pouvez également lire des articles d'actualité similaires à celui-ci que nous avons collectés auprès d'autres sources d'information.
Evil Dead Rise director addresses whether it's connected to previous moviesThe Necronomicon could hold the key.
Lire la suite »
Marko: Red Bull should fear Mercedes more than Ferrari in F1 2023Red Bull F1 advisor Helmut Marko believes the team should fear Mercedes more than Ferrari as it prepares to defend its championships in 2023. Full story ⬇️
Lire la suite »
Marko: Red Bull should fear Mercedes more than Ferrari in F1 2023Red Bull F1 advisor Marko thinks his team should be more afraid of Mercedes than of Ferrari going into the 2023 season. 'Mainly because they have an advantage over Ferrari in terms of strategy and reliability.'
Lire la suite »
Silverstone's British Grand Prix voted best Formula One raceCarlos Sainz of Ferrari won an eventful race
Lire la suite »
Ferrari criticised for the 'incomprehensible' decision to let Mattia Binotto goA former Formula 1 driver has criticised Ferrari's decision to replace team principal Mattia Binotto with Frederic Vasseur for 2023.
Lire la suite »
Ferrari's Carlos Sainz investigated for 'closing his dad's door' at Dakar RallyFerrari Formula 1 driver Carlos Sainz Jr was reported to the FIA for closing his father’s car door during the Dakar Rally. Sainz Jr has been following the progress of his rallying legend father in …
Lire la suite »