Tag Archive for: Automakers

Automakers risk cyberattacks by paying white hat hackers less


The auto industry lags others in cybersecurity, said Mohammed Ismail, chair of the Electrical and Computer Engineering Department at Wayne State University in Detroit.

“With any new technology, this is a very typical situation,” he said. “When Wi-Fi and Bluetooth started 25 years ago, it took years for those technologies to be seamless and mature.”

Ismail estimates the auto industry needs about five more years of R&D to produce millions of predominantly software-based vehicles that are very secure.

Friendly hackers will help the industry get there.

“Using a bug bounty platform has proven to be an effective way to bring on board the knowledge and expertise of the security community,” Katja Liesenfeld, Mercedes-Benz Cars & Vans’ manager for IT communications, said in an email. “We cannot give more details on any technical details as the programs are private.”

Automakers are reluctant to talk about their reward programs and cybersecurity issues. Ford, Jaguar Land Rover, Nissan, Stellantis and Subaru declined to discuss their cybersecurity programs with Automotive News. BMW, Porsche and Volkswagen did not respond to queries. Honda said it doesn’t have a bug bounty program.

Nonetheless, most of the auto industry is proactive about cybersecurity issues, said Kevin Tierney, General Motors’ chief cybersecurity officer and vice chair of the Automotive Information Sharing and Analysis Center, known as Auto-ISAC. The group of automakers shares information about potential cyberthreats, vulnerabilities and incidents.

“Everyone’s making big moves and big investments,” Tierney said. “It’s not always obvious to the end consumer with everything that’s happening.”

GM started its bug bounty program in 2016. It is administered by HackerOne, of San Francisco, which also runs programs for BMW, Ford, Rivian and Toyota.

HackerOne’s automotive business jumped 400 percent from 2021 to 2022 as clients added services to their contracts. In addition to bug bounty management, HackerOne provides vulnerability disclosure programs, penetration testing of online systems and other services.

Source…

AWS and the BMW Group Collaborate to Deliver BMW’s New Cloud-Based Vehicle Data Platform; Joint software will accelerate the introduction of new data-driven features, services, and enhancements for drivers, and help automakers advance connected-car and software-defined vehicle capabilities


SEATTLE-Amazon Web Services, Inc. (AWS), an Amazon.com, Inc. company (NASDAQ: AMZN), and the BMW Group today announced a strategic collaboration to develop customizable cloud software that will simplify the distribution and management of data from millions of connected vehicles.

The BMW Group will be the first automaker to use the software, which will serve as the basis for its next-generation, cloud-based vehicle data platform. Moving forward, the new software will be available to other automakers, enabling them to easily integrate vehicle data sources, accelerate vehicle and fleet application feature development, and improve life cycle management, while delivering advanced vehicle features and more personalized driver experiences at lower costs.

‘We have 20 million connected vehicles on the road today. With the launch of the ‘Neue Klasse,’ BMW’s next generation of vehicles, our offboard cloud platform, powered by AWS, will process roughly triple the volume of vehicle data compared to the current generation of BMW models,’ said Nicolai Kramer, vice president of Vehicle Connectivity Platforms at the BMW Group. ‘Together with AWS, we will continue to create innovative solutions that enable us to develop and deliver new data-driven functions to customers worldwide, even faster.’

The BMW Group and AWS co-developed solution collects BMW vehicle signals and fleet intelligence data, then securely processes and routes the data in the cloud. Using AWS’s cloud infrastructure and its industry-leading security, the BMW Group ensures that its customer data is protected and processed in accordance with data privacy requirements and customer preferences. Only the BMW Group’s internal domain experts-vehicle application developers, fleet managers, data scientists, and artificial intelligence, business intelligence, and development engineers-gain access to the data via a self-service mechanism that gathers streaming vehicle data, easily adds new data sources, configures access in accordance with governance policies, and monitors the quality and health of streaming sources. The data is then combined with AWS capabilities, including analytics, machine learning, database, storage, and compute,…

Source…

German automakers targeted in year-long malware campaign


Car manufacturer

A years-long phishing campaign has targeted German companies in the automotive industry, attempting to infect their systems with password-stealing malware.

The targets include both car manufacturers and car dealerships in Germany, and the threat actors have registered multiple lookalike domains for use in their operation by cloning legitimate sites of various organizations in that sector.

These sites are used to send phishing emails written in German and host the malware payloads downloaded to targeted systems.

Various lookalike domains used in this campaign
Various lookalike domains used in this campaign (Check Point)

Researchers at Check Point discovered this campaign and published a technical report where they presented the details of their findings. According to the report, the campaign started around July 2021 and is still ongoing.

Targeting the German auto industry

The infection chain begins with an email sent to specific targets containing an ISO disk image file that bypasses many internet security controls.

For example, the phishing email below pretends to contain an automobile transfer receipt sent to what appears to be a targeted dealership.

Samples of malicious emails seen by Check Point
One of the malicious emails seen by Check Point

This archive, in turn, contains an .HTA file that contains JavaScript or VBScript code execution via HTML smuggling.

Generic infection chain
Generic infection chain (Check Point)

This is a common technique used by hackers of all skill tiers, from “script kiddies” that rely on automated kits to state-sponsored actors that deploy custom backdoors.

While the victim sees a decoy document that is opened by the HTA file, malicious code is executed in the background to fetch the malware payloads and launch them.

Decoy document
Decoy document (Check Point)

“We found several versions of these scripts, some triggering PowerShell code, some obfuscated, and others in plain text. All of them download and execute various MaaS (Malware as a Service) info-stealers.” – Check Point.

The MaaS info-stealers used in this campaign vary, including Raccoon Stealer, AZORult, and BitRAT. All three are available for purchase in cybercrime markets and darknet forums.

In later versions of the HTA file, PowerShell code runs to change registry values and enable content on the Microsoft Office…

Source…

Data breach exposed automakers’ sensitive documents

  1. Data breach exposed automakers’ sensitive documents  Komando
  2. Data breach exposes trade secrets of carmakers VW, Toyota and GM  Telegraph.co.uk
  3. Carmakers’ Trade Secrets Exposed in Data Breach  LowCards
  4. Full coverage

data breach – read more