"Researchers Discover Critical Vulnerabilities in Ferrari, BMW, Toyota, and Other Automotive Giants"
Researchers, including web application security expert Sam Curry, uncovered major vulnerabilities affecting Ferrari, BMW, Toyota, Ford, and other automobile manufacturers. The researchers discovered a compromised undisclosed system used by AT&T that could allow a threat actor to send and receive text messages, retrieve live geolocation, and disable millions of SIM cards installed in Teslas, Subarus, Toyotas, Mazdas, and more. According to researchers, the consequences of these vulnerabilities extend far beyond car hacking, affecting practically every industry and nearly anything that uses SIM cards. Spireon, the largest device-independent telematics provider in North America, was also highlighted. Its discovered vulnerabilities include Remote Code Execution (RCE) on core systems for managing 1.2 million user accounts, full administrator access to a company-wide administration panel that supports sending arbitrary commands to an estimated 15.5 million vehicles, and the ability to completely take control of any vehicle, including police and ambulances. Mercedes-Benz's flaws include RCE on several systems, improperly configured Single Sign-On (SSO) that allows access to numerous mission-critical internal applications, and memory leaks that might lead to account access. BMW and Rolls Royce also have core SSO vulnerabilities, providing access to any employee application. This article continues to discuss the high-severity vulnerabilities impacting Ferrari, BMW, Toyota, Ford, and other automotive companies.