"CyLab Researchers Discover Novel Class of Vehicle Cyberattacks"

A team of researchers at Carnegie Mellon University's CyLab discovered a new class of cybersecurity vulnerabilities in modern vehicles. According to the researchers, exploiting these vulnerabilities could allow an attacker to bypass a car's Intrusion Detection System (IDS) and shut down different components of the car, including the engine, by executing carefully crafted computer code from a remote location. Threat actors do not need to manipulate hardware or physically access the target vehicle to exploit the new class of vulnerabilities. CyLab's Sekar Kulandaivel, the lead author of the study, calls on automakers to consider more advanced attack strategies when building an IDS into the next generation of vehicles. The team confirmed the feasibility of the discovered vulnerabilities by demonstrating proof-of-concept attacks that exploit them in a 2009 Toyota Prius and a 2017 Ford Focus. The researchers say that many modern vehicles are likely to be vulnerable to these types of attacks. However, an attacker would need to compromise the car's network before executing these kinds of attacks. This new class of cybersecurity vulnerabilities gives attackers new ways to move laterally in a larger attack chain. Lateral movement here refers to the possibility of an attacker who has gained control over a specific component impacting other components of the vehicle while remaining undetected. This article continues to discuss the discovery, potential exploitation, and possible impact of the new class of cybersecurity vulnerabilities in modern-day vehicles, as well as the importance of conducting more adversarial, white-hat research within the automotive industry.

CyLab reports "CyLab Researchers Discover Novel Class of Vehicle Cyberattacks"
