Logo Cibersecurity made in Europe Logo UE

Real cases

Data since 2012

Real cases of hacked carsDate
Company selling smart parking meters hackedApr 2020Read More
Headline Company selling smart parking meters hacked
Year 2020
Month April
Country United States
Description 

A company in charge of marketing ‘smart’ parking meters and all kinds of technology used by those who control them in cities around the world has been the victim of a ransomware attack, which also exposed some of its internal files on a website used by cybercriminals. The company is called CivicSmart -from Milwaukee, USA-; it sells parking meters equipped with systems that allow payment to be made from an app installed on the cell phone, but also markets the software and hardware used by the controllers -personnel that control the devices-. The attack was carried out using a ransomware known as Sodinokibi or REvil, and was noticed by the Israeli security company Under the Breach. They discovered that the crackers planned to publish up to 159 gigabytes of CivicStart data, such as employee records, contracts with cities, bank statements or the numbers of credit cards used by parking meter customers.

Intentionality Cracker
Target Company
Company Civicsmart
Type of company Others
Data / Life Data
Access Remote
System Servers
Recognized by brand No
Source https://statescoop.com/smart-parking-meter-vendor-data-stolen-ransomware-attack/
They gain access to a corporate domain with a SIM cardMar 2020Read More
Headline They gain access to a corporate domain with a SIM card
Year 2020
Month March
Country United States
Description 

Pen Test Partners’ researchers got hold of a vehicle’s telematics unit – known by the acronym TCU – removed its SIM card, placed it in a USB modem connected to a laptop, managed to connect to its internal network and, in this way, managed to compromise the entire domain from the outside.

Intentionality Hacker
Target Company
Type of company OEM
Data / Life Data
Access Remote
System Servers
Reach 1
Recognized by brand No
Source https://www.pentestpartners.com/security-blog/from-a-tcu-to-corporate-domain-admin/
Vulnerabilities discovered affecting car rental company Project Worlds OfficialMar 2020Read More
Headline Vulnerabilities discovered affecting car rental company Project Worlds Official
Year 2020
Month March
Country United States
Description 

System 1 of Project Worlds Official Car Rental – a rental car company – is vulnerable to multiple SQL injection issues, as evidenced by the email and parameters (account.php), uname and pass parameters (login.php), and the id parameter (book_car.php) This allows a malicious user to dump the MySQL database and bypass the login authentication request.

Intentionality Cracker
Target Company
Type of company Rent
Data / Life Data
Access Remote
System Servers
Recognized by brand No
Source https://nvd.nist.gov/vuln/detail/CVE-2020-11544
Vulnerabilities found in two of Volkswagen and Ford’s best-selling modelsMar 2020Read More
Headline Vulnerabilities found in two of Volkswagen and Ford’s best-selling models
Year 2020
Month March
Country United Kingdom
Description 

The study is initiated by ‘Which?’, a consumer association with more than 60 years of experience in the United Kingdom. It was carried out in collaboration with the cybersecurity company Context Security Information and some of the European associations in the same field. Which?’ acquired “two of the UK’s best-selling vehicles”: the Ford Focus and the Volkswagen Polo, both in their current generations. According to the publication, these were two “extremely well-equipped models that came with the latest infotainment devices, along with mobile apps that could be used to remotely control various aspects of the vehicle”. The cars were loaned to ‘Context’ for testing to see how vulnerable the vehicles were. Other systems they analyzed were the car’s access and start system, the CAN bus network… and in the case of the Polo, the front proximity sensor, and in the Focus the TMPS or tire pressure control.

Intentionality Cracker
Target Vehicle
Company Ford, Volkswagen
Model Ford Focus, Volkswagen Polo
Type of company OEM
Data / Life Data and Life
Access Remote
Recognized by brand 
Source https://thenextweb.com/shift/2020/04/14/top-selling-vehicles-ford-volkswagen-security-hacks/
Chinese APT41 virus launches global intrusion campaign, including transport companiesMar 2020Read More
Headline Chinese APT41 virus launches global intrusion campaign, including transport companies
Year 2020
Month March
Country China
Description 

During this year, cybersecurity firm FireEye has observed how APT41 – which stands for ‘Advanced Persistent Threat’ – of Chinese origin, was carrying out “one of the most extensive cyberespionage campaigns we have observed in recent years”, according to the company. Specifically, between 20 January and 11 March, FireEye observed APT41’s attempts to exploit vulnerabilities in the following industries: Banking/Finance, Construction, Defence Industrial Base, Government, Healthcare, High Tech, Higher Education, Legal, Manufacturing, Media, Non-Profit, Oil & Gas, Petrochemicals, Pharmaceuticals, Real Estate, Telecommunications, Travel & Utility… and Transportation. To carry out their attacks, they believe that the malware used by APT41 uses at least… 46 different code families and tools! How does it reach its victims? Usually in the guise of an email with attachments.

Intentionality Cracker
Target Company
Type of company 
Data / Life Data
Access Remote
System Servers
Recognized by brand No
Source https://www.fireeye.com/blog/threat-research/2020/03/apt41-initiates-global-intrusion-campaign-using-multiple-exploits.html
Researcher hacks into a Tesla’s screenMar 2020Read More
Headline Researcher hacks into a Tesla’s screen
Year 2020
Month March
Country United States
Description 

Researcher Jacob Archuleta ‘Nullze’ discovered the DoS vulnerability after investigating the Tesla Model 3’s web interface. After testing a bug, he discovered that it was possible for an attacker to crash the Chromium-based interface after tricking the drivers into visiting a specially crafted web page. The problem is that the Model 3’s 17″ screen is a control centre… which, if not working, would not allow access to functions such as climate control, navigation, most audio system functions, vehicle speed monitoring… which could cause distractions for the person driving – with the consequent risk. The problem seems to have been solved in the latest update of this system, specifically in version 2020.4 10 and higher.

Intentionality Hacker
Target Vehicle
Company Tesla
Model Model 3
Type of company OEM
Data / Life Life
Access Remote
System Infotainment
Reach 1
Recognized by brand 
Source https://hackercar.com/que-descubrio-un-hacker-en-la-pantalla-de-este-tesla/
An e-mail blocking Tarragona’s car parksMar 2020Read More
Headline An e-mail blocking Tarragona’s car parks
Year 2020
Month March
Country Spain
Description 

Money in exchange for releasing the data of underground car park users in Tarragona. This is the blackmail that a cracker carried out on the Catalan city council after blocking access to information on the 4,000 subscribers of Aparcaments Municipals de Tarragona, the municipal company that manages the city’s car parks. This was achieved by means of an e-mail that pretended to be from a supplier but which, in reality, when opened, contained a virus that infected the company’s server, rendering the files stored there unusable.
The cybercriminal demanded a payment of 9 bitcoins for returning access to the information of the 4,000 car park subscribers. A figure that would be around €41,000 at the current exchange rate… but which the city council refused to pay. A case that the Mossos d’Esquadra, the State Data Protection Agency and the Tax Agency have been informed. It has also informed the municipal legal services and a company specialising in decryption.

Intentionality Cracker
Target Vehicle
Type of company Public Transport
Data / Life Other
Access Remote
Recognized by brand No
Source https://hackercar.com/un-correo-electronico-bloquea-los-aparcamientos-de-tarragona/
A denial-of-service attack is carried out against TakeawayMar 2020Read More
Headline A denial-of-service attack is carried out against Takeaway
Year 2020
Month March
Country Germany
Description 

Criminals have launched a Denial of Service attack against Takeaway – and its German subsidiary Lieferando – a company that delivers food by car. The criminals demanded a payment of around 11,000 euros to stop the attack. Taking advantage of the situation caused by the COVID19 crisis, which led to a huge growth in home food delivery services, crackers targeted the company Takeaway… and attacked it. They reacted quickly, putting systems into ‘maintenance mode’, but causing delays in orders.

 

Intentionality Cracker
Target Company
Company Takeaway
Type of company Others
Data / Life Data
Access Remote
System Servers
Recognized by brand No
Source https://www.bleepingcomputer.com/news/security/food-delivery-service-in-germany-under-ddos-attack/
Autonomous vehicle detection systems can be breached with ‘phantom’ imagesFeb 2020Read More
Headline Autonomous vehicle detection systems can be breached with ‘phantom’ images
Year 2020
Month February
Country Israel
Description 

Ben Nassi, a researcher at Ben-Gurion University of the Negev, and his team demonstrated how easy it is to fool the driver assistance systems that are built into autonomous and connected vehicles. They show that a projector can be used to mislead the system into detecting a projected phantom image as if it were a real signal or a real danger. The systems tested were the Mobileye 630 PRO, used in cars such as the Mazda 3, and Tesla’s HW 2.5 autopilot system. Both have an automation level 2, i.e. they can act as an autopilot but require a human driver for monitoring and intervention.

Intentionality Hacker
Target Vehicle
Company Tesla, Mazda
Model TESLA MODEL X, MAZDA 3
Type of company OEM
Data / Life Life
Access Remote
System Sensors
Recognized by brand No
Source https://www.nassiben.com/phantoms



Este sitio web utiliza cookies para que usted tenga la mejor experiencia de usuario. Si continúa navegando está dando su consentimiento para la aceptación de las mencionadas cookies y la aceptación de nuestra política de cookies, pinche el enlace para mayor información.plugin cookies

ACEPTAR
Aviso de cookies