Kaspersky Reveals Vulnerabilities In The Automotive Industry That Threaten Driver Safety
JAKARTA - Global cybersecurity company Kaspersky found a security flaw in the connected car system of one automotive manufacturer.
The finding traces the flaw to a zero-day vulnerability in a contractor application that can be accessed by the public.
This gap allows attackers to take over the telematics system and even send malicious commands, such as turning off the engine or forcing a gear shift while the vehicle is running.
The security audit was carried out remotely and targeted public services and infrastructure belonging to the manufacturer and its contractor. Kaspersky identified several exposed web services.
First, a zero-day SQL injection vulnerability in the wiki app allows hackers to extract a list of users along with their password hashes. Some of them were predictable due to a weak password policy.
On the connected vehicle side, Kaspersky discovered a misconfigured firewall that exposes an internal server. With previously obtained credentials, they can access the file system and find other contractor accounts that give full control of the telematics system.
Most worrying, the researchers discovered a firmware update command that allowed them to upload modified firmware to the Telematics Control Unit (TCU), Kaspersky said.
This allows the potential manipulation of various important vehicle functions, which can endanger the safety of drivers and passengers.
Kaspersky recommends that contractors restrict internet access to web services to VPN connections, isolate services from corporate networks, implement strict password policies, implement 2FA, encrypt sensitive data, and integrate logs with a SIEM system for real-time monitoring.
For automotive manufacturers, Kaspersky recommends limiting access to telematics platforms from the vehicle network segment, using an allowlist for network interactions, disabling SSH password authentication, running services with minimal privileges, and ensuring the authenticity of commands on TCUs, in addition to SIEM integration.