A recent vulnerability discovered by security expert Sam Curry allows hackers to hijack cars using only a smartphone and the victim’s license plate number. The issue, which was found in Kia vehicles as old as 2014, exposed personal details such as name, phone number, email, and physical address, and allowed attackers to control various aspects of the vehicle, including unlocking, starting, and activating lights.
Curry’s team developed a smartphone tool that could automate the process, but it remains unclear whether the exploit still works after Kia has reportedly fixed the issue. The vulnerability highlights concerns about the growing use of smartphones to steal vehicles and emphasizes the need for car manufacturers to address similar issues in their products.
Meanwhile, other security breaches made headlines this week, including an Ivanti exploit that could bypass authentication requirements on versions 22.2R1 and 22.7R2, and a UK citizen charged with compromising public companies to steal financial secrets worth $3.75 million. Additionally, Monaco-based Namebay domain registrar fell victim to a ransomware attack, knocking its mail hosting offline.
Critical infrastructure systems also faced attacks, but fortunately, the impact was limited in one case, where Arkansas City, Kansas’ water treatment plant’s control systems were temporarily disabled without compromising customer information. Meanwhile, TikTok ejected multiple Russian media outlets linked to the government amid growing concerns over misinformation.
Source: https://www.theregister.com/2024/09/30/infosec_in_brief/