Search This Blog

Showing posts with label Automobile. Show all posts

BMW and Hyundai Networks Compromised by Vietnamese Hackers

Hackers allegedly having links to the Vietnamese government have hacked the networks of two leading automobile manufacturers, BMW and Hyundai, according to the recent reports from the German media.

At the same time, eliminating the novelty from the incident, the reports by Bayerische Rundfunk (BR) and Taggesschau (TS) are making claims that around spring this year, the networks of a BMW branch were breached by attackers.

Reports suggest, hackers installed 'Cobalt Strike', a penetration testing toolkit onto the targeted networks; it was employed as a backdoor through which the compromised networks were intruded by attackers.

Supposedly, BMW was acquainted with the attacker's operations and let them continue to penetrate further into their networks. However, the company brought it to an end by putting a restriction onto the illegal access in the last week of November.

According to the findings, the attackers who compromised BMW's networks also no infected South Korean multinational automotive manufacturer, Hyundai. However, no additional information has been provided regarding the Hyundai breach.

The group behind these attacks, Ocean Lotus (APT32) has been in the cybercrime ecosystem since 2014 and is popular for targeting the automobile sector.

Referencing from the reports, "The attack of the alleged Vietnamese hacker group began in the spring of 2019. Last weekend, the automobile company from Munich finally took the computers concerned off the grid. Previously, the group's IT security experts had been monitoring the hackers for months. This is the result of research by the Bayerischer Rundfunk. Also on the South Korean car manufacturer Hyundai, the hackers had it apart."

"The Federal Office for the Protection of the Constitution also follows the hackers of OceanLotus. "The grouping of OceanLotus has already become important, and one should keep an eye on the development, especially because of the target range automotive industry," said a spokeswoman. In the summer, the German Association of the Automotive Industry (VDA) sent an e-mail to its members. The subject was: "Warning message from the Federal Office for the Protection of the Constitution about poscyberattacksttacks (OceanLotus) on German automobile companies." In the e-mail, the BR research, the hacker's procedure is described in detail." The report reads.

MyCar exposes thousands of vehicles to hackers

A cybersecurity researcher claim to have found a series of vulnerabilities in a remote-based automobile app 'MyCar' that might have exposed more than 60,000 cars to hackers.

During a conference in Las Vegas on Saturday, the security expert who goes by the name Jmaxxz, identified several issues in an app 'MyCar' developed by a Canadian Automobility company.

According to the exposed database, the expert estimated that roughly 60,000 cars were vulnerable to theft by security flaws, through this exposed data hackers could even choose which car model they want to steal.

The app MyCar connects "to radio-based remote start devices like Fortin, CodeAlarm, and Flashlogic using GPS and a cellular connection to extend their range using an Internet connection."

The security flaws are far beyond theft or remote alarm-triggering pranks. However, starting of a car without the owner's knowledge could lead to dangerous carbon monoxide leaks which could be fatally dangerous.

MyCar's parent company has said that they have started investigating into the matter and would promptly solve the flaws.