Grand Theft Telematics: Kaspersky Finds Security Flaws That Threaten Vehicle Safety
At the Security Analyst Summit 2025, Kaspersky presented the results of a security audit that has exposed a significant security flaw enabling unauthorized access to all connected vehicles of one automotive manufacturer. By exploiting a zero-day vulnerability in a contractor’s publicly accessible application, it was possible to gain control over the vehicle telematics system, compromising the physical safety of drivers and passengers. For instance, attackers could force gear shifts or turn off the engine when the vehicle is driving. The findings highlight potential cybersecurity weaknesses in the automotive industry, prompting calls for enhanced security measures. Car manufacturer’s side The security audit was conducted remotely and targeted the manufacturer’s publicly accessible services and the contractor’s infrastructure. Kaspersky identified several exposed web services. First, through a zero-day SQL injection vulnerability in the wiki application (a web-based platform that allo
READ MORE...