Logo Cibersecurity made in Europe Logo UE

Real cases

Data since 2012

Real cases of hacked carsDate
Fuel distributor hit by ransomware attackDec 2020Read More
Headline Fuel distributor hit by ransomware attack
Year 2020
Month December
Country Canada
Description 

The Canadian company Parkland Corp, a fuel distribution company, has suffered a ransomware cyber-attack -which consists of ‘kidnapping’ or stealing data and demanding a ransom in exchange for releasing or decrypting it-, which has not affected its operations. A group known as ‘Clop’ claims responsibility for the attack, although to date it has not offered any proof of its actions.

Intentionality Cracker
Target Company
Company Parkland Corporation
Type of company Distribution
Data / Life Data
Access Remote
System Databases
Recognized by brand 
Source https://www.freightwaves.com/news/canadian-fuel-distributor-parkland-targeted-in-cyberattack
Disable a connected carrier platform for five daysNov 2020Read More
Headline Disable a connected carrier platform for five days
Year 2020
Month November
Country United States
Description 

The DriverConnect platform – used by thousands of carriers in the United States – suffered an attack on its servers, forcing the provider company -Rand McNally- to completely disconnect the service. Due to this, the affected drivers were not able to use any of their associated functions such as the navigator, vehicle status diagnostics, ‘hands-free’ telephony and messaging, or the cameras outside the cabins. The company managed to restore the platform five days after receiving the attack.

Intentionality Cracker
Target Vehicle
Company Rand McNally
Model DriverConnect
Type of company Service provider
Data / Life Other
Access Aplication
System DriverConnect Connected Services Platform
Recognized by brand 
Source https://www.freightwaves.com/news/5-days-later-rand-mcnally-says-eld-system-back-online
A Tesla Model X is hacked through the bluetooth systemNov 2020Read More
Headline A Tesla Model X is hacked through the bluetooth system
Year 2020
Month November
Country United States
Description 

The security researcher at the Belgian university KU Leuven, Lennert Wouters, has revealed a number of cybersecurity vulnerabilities affecting the Model X and its hands-free opening system. Wouters showed that a cracker could make a copy of the firmware – the instructions of a computer program – that uses the car’s remote control… via Bluetooth. That way you would be able to get an unlock code and that in turn would allow you to unlock the vehicle. The American company, famous for being one of the first that allows updating its models remotely, has said that it plans to update the software of its key system to correct these vulnerabilities, as Wouters says in the Wired medium. In the meantime, Model X owners are encouraged to install whatever updates Tesla makes available to them in the coming weeks to prevent such an attack.

Intentionality Hacker
Target Vehicle
Company Tesla
Type of company OEM
Data / Life Data and Life
Access Aplication
System Bluetooth
Recognized by brand No
Source https://www.wired.com/story/tesla-model-x-hack-bluetooth/
Six luxury vehicles are stolen by keyless entry.Oct 2020Read More
Headline Six luxury vehicles are stolen by keyless entry.
Year 2020
Month October
Country United States
Description 

Crackers managed to steal six luxury cars from the Twin Auto sales lot in the Detroit area overnight on Friday 23 October. The thefts from the vehicles, valued at $50,000 each, were carried out using a remote computer that opened the cars’ doors by bypassing the keyless entry system. Police believe the laptop generated a second key that allowed the criminals to start the cars and subsequently drive them off the lot without raising suspicion. Police are still searching for the suspects in the phantom incident.

Intentionality Cracker
Target Vehicle
Company FCA Group
Model Dodge Durango SRT (2020), Dodge Charger Scat pack (2020), Dodge Challenger RT (2018), Jeep Grand Cherokee SRT (2017),Dodge Challenger HellCat (2015) y Jeep Grand Cherokee SRT (2014).
Type of company 
Data / Life Other
Access Remote
System Keyless
Recognized by brand No
Source https://www.fox2detroit.com/news/thieves-use-computers-to-hack-steal-six-luxury-cars-at-redford-dealer
The data of 27 million drivers are exposedNov 2020Read More
Headline The data of 27 million drivers are exposed
Year 2020
Month November
Country United States
Description 

Vertafore -a US software provider whose activity is centered on insurance companies- announced that it had suffered a security breach in its databases, through which an unknown attacker was able to access the information of 27.7 million registered drivers In the state of Texas, in the US The compromised files included names, dates of birth, addresses, license numbers and registration histories of the insured vehicles.

Intentionality Cracker
Target Company
Company Vertafore
Type of company Service provider
Data / Life Data
Access Aplication
Recognized by brand 
Source https://www.govtech.com/security/27-7M-Texas-Drivers-Affected-by-Third-Party-Data-Breach.html
Access to the CAN-BUS of a Kia through the multimedia systemNov 2020Read More
Headline Access to the CAN-BUS of a Kia through the multimedia system
Year 2020
Month November
Country Italy
Description 

A couple of Italian researchers discover, when analyzing the software of the multimedia system of a Kia Ceed, a vulnerability that allows them to execute malware – a malicious program – inside the system and, in addition, send instructions through CAN-BUS – the network that intercommunicates elements such as sensors and control units in a car- to manipulate certain functions – such as altering the audio volume, activating the rear view camera or loading routes in the navigator – without having to touch the touch screen or the controls of the multimedia device.

Intentionality Cracker
Target Vehicle
Company Kia
Model Ceed
Type of company 
Data / Life Data and Life
Access Physical
System Multimedia system
Recognized by brand No
Source https://e-corridor.eu/cve-for-kia-vulnerability/
Bluetooth, one of the most vulnerable portsSep 2020Read More
Headline Bluetooth, one of the most vulnerable ports
Year 2020
Month September
Country Switzerland
Description 

It is called BLURtooth, it is a major security flaw that, for the moment, has no solution and has been officially notified by the organization responsible for the Bluetooth communication standard. This form of wireless communication is one of the most widely used devices in cars to enjoy services such as hands-free telephony, music or even for the correct operation of Android Auto and Apple Car Play protocols. Therefore, this Bluetooth vulnerability not only fails, it not only puts the phone device at risk, but also the vehicle.

Intentionality Cracker
Target Vehicle
Type of company 
Data / Life Data and Life
Access Aplication
System Bluetooth
Recognized by brand 
Source https://www.elmundo.es/tecnologia/2020/09/15/5f5f4b0621efa018288b4576.html
Attempt to cripple Tesla factory through cyber attackAug 2020Read More
Headline Attempt to cripple Tesla factory through cyber attack
Year 2020
Month August
Country United States
Description 

The U.S. Department of Justice confirms the arrest of a Russian-born man accused of offering $1 million to an employee of the automaker in order to bribe him to carry out a cyberattack from the inside. The plan? To infect a large part of the company’s factory, located in Nevada, with malware that would have paralyzed its production. The employee, instead of taking the money he was offered, told his bosses, who called in the FBI to start the investigation.

Intentionality Cracker
Target Company
Company Tesla
Type of company 
Data / Life Data
Access Aplication
Recognized by brand 
Source https://www.cyberscoop.com/tesla-ransomware-attempt-elon-musk-russia/
Massive data theft at Uber takes company’s ex CSO to courtAug 2020Read More
Headline Massive data theft at Uber takes company’s ex CSO to court
Year 2020
Month August
Country United States
Description 

Joe Sullivan has been formally charged by the District Court in San Francisco, United States, for failing to disclose the details of the operation for which he paid a ransom to crackers to remove the data they had stolen from his platform… so that the facts would not come to the attention of the corresponding authorities, who would have imposed an even greater fine for not having such data properly protected.

Intentionality Cracker
Target Other
Type of company 
Data / Life Data
Access Aplication
Recognized by brand No
Source https://www.cyberscoop.com/joe-sullivan-uber-arrested-2016-data-breach/



Este sitio web utiliza cookies para que usted tenga la mejor experiencia de usuario. Si continúa navegando está dando su consentimiento para la aceptación de las mencionadas cookies y la aceptación de nuestra política de cookies, pinche el enlace para mayor información.plugin cookies

ACEPTAR
Aviso de cookies