While I don't own a Tesla, I am now more invested in following the various ways attackers can take advantage of the connectivity of electric cars.
They're all Wi-Fi connected so drivers can control the charging speed and timing of their cars, monitor public charging stations and communicate with the dealer about any electrical failures.
A whole new slew of electric car-related vulnerabilities came out last week thanks to the Pwn2Own hacking event in Tokyo as part of the Automotive World conference.
Car and charging companies were offering a combined $1 million in bug bounty payments for researchers who could find security vulnerabilities in a range of cars and electric car-related products like home chargers.
In all, researchers discovered 49 zero-day vulnerabilities, including a two-vulnerability exploit chain in Tesla cars that could allow an attacker to take over the onboard infotainment system.
Other vulnerabilities were discovered in ChargePoint and Juicebox products, two prominent manufacturers of home, travel and commercial electric charging equipment.
Imagine an attacker taking the time to hack into a Tesla's modem so they can turn on a car's windshield wipers without the driver knowing.
Tesla stated after Pwn2Own that none of the vulnerabilities discovered would be more than an annoyance for the driver.
Previous vulnerabilities that could allow someone to drive away with your car would be more than an annoyance, but this latest batch of bugs has lower stakes than that.
I could see a lot of traditionalists being hesitant to switch to electric cars because their 2011 Toyota Corolla doesn't require the internet to run.
That doesn't mean that owning an electric car or installing a home charger is inherently risky.
The hackers had been targeting U.S. water treatment plants, the power grid, oil and natural gas pipelines, and transportation systems, Wray said.
As highlighted by Talos' report on JaguarTooth last year, unpatched routers or older routers with security vulnerabilities are easy targets for state-sponsored actors, and they can often sit unnoticed on these devices for months or years.
The FBI and U.S. Cybersecurity and Infrastructure Security Agency warned router vendors to patch their devices as soon as possible to prevent the exploitation of vulnerabilities Volt Typhoon is known for using.
Ads displayed in several different popular mobile apps are part of a mass global surveillance effort, with the information eventually being sold to national security agencies that can track the physical location, hobbies, and names of users' family members.
The ad-based tool, known as Patternz, strikes deals with smaller ad networks to gather information from users' devices when they access some apps like Kik messenger and the 9gag online forum.
Separately, security researchers also found that many push notifications on iPhones are unknowingly sending user information back to apps, even if the user doesn't have those apps installed.
A cyber attack disrupted nearly all the government services of Fulton County, Georgia, this week, with systems still recovering as of Wednesday afternoon.
The attack is notable because Fulton County is where former U.S. President Donald Trump is charged and being tried for his involvement in trying to overturn the results of the 2020 presidential election.
The cyber attack also targeted the office of the District Attorney who investigated and is charging Trump.
This Cyber News was published on blog.talosintelligence.com. Publication date: Thu, 01 Feb 2024 19:13:04 +0000