Comments
Connected Cars Pose New Security Challenges
Joe Stanganelli,
User Rank: Ninja
3/8/2018 | 2:11:05 PM
Long history
Alas, automakers have a history of downplaying (and even ignoring) exploits and vulnerabilities in their cars (see, e.g., forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/andygreenberg/2013/07/24/hackers-reveal-nasty-new-car-attacks-with-me-behind-the-wheel-video/ ). Can't say as I particularly trust them.
Jon M. Kelley,
User Rank: Moderator
3/8/2018 | 11:38:24 AM
Re: Connected cars need extensive blackbox testing
Once Mobile Ransomware starts hitting connected cars, the U.S. government may get involved as it did with seatbelts and airbags.  Given history we may have decades of connected cars before government regulations force manufacturers to fix them.  Unfortunately for consumers, manufacturers have learned that remote software updates are very cost effective.  This will leave the connection available for others, as well as manufacturers, to try to turn it into a revenue stream. 
HamidK95001,
User Rank: Author
3/6/2018 | 3:41:28 PM
Connected cars need extensive blackbox testing
A rapidly emerging trend is to apply extensive blackbox testing for connected cars, and in particular fuzzing seems to be rather effective in exposing hidden weaknesses.

