October 08, 2014
When mobile devices communicate with cars, the connected auto now becomes a new cyber threat target. OBD2 port always connected to CAN (Controller Area Network) BUS, an automotive bus system. Unfortunately, the security vulnerabilities existing inside both the auto’s CAN BUS and within the mobile apps can introduce new security risks ranging from simply unauthorized data capture, to more serious offenses such as vehicle or property theft, to criminally malicious hijacking or even the possibility of remotely overriding critical auto systems and control, resulting in accident, injury, or even death. Via such vulnerable portals, the capability and potential exists today for large-scale, organized malicious chaos.
As high as 50% of surveyed OBD dongles are vulnerable to hacking. By leveraging their security flaws, hackers can inject CAN BUS commands to control cars. The top three security flaws of 19 OBD dongles are weak encryption, exposed key and communication protocol hijacking. VisualThreat, the leading company in connected-car security, has published the first ever security research report on auto OBD products and auto mobile apps in September 2014. As many as 19 OBD dongles and more than 120 auto mobile apps have been analyzed.
For the detailed report, please contact us.