Security flaw uncovered in cars threatens the safety of drivers and passengers

Written by: Manal Al-Masry


02:43 AM

30/10/2025


At its Security Analyst Summit 2025, Kaspersky presented the results of a security audit that uncovered a highly serious security vulnerability. It allows unauthorized access to all connected cars of one car manufacturer.

The company explained in a statement today that the system for tracking and analyzing vehicle data (telematics) could be taken over by exploiting a publicly exposed vulnerability belonging to one of the contracted companies, which threatens the safety of drivers and passengers alike.

For example, an attacker could change gears or stop the engine while the car is moving. These results show some of the possible cybersecurity weaknesses in the industry, which calls for stronger security measures.

The manufacturer
This security audit was conducted remotely and focused on the company’s publicly available services and the contracted company’s infrastructure.

Kaspersky identified a group of web services exposed to security risks. First, Kaspersky researchers exploited a zero-day SQL injection vulnerability in the wiki application (a web platform that allows users to create content, write and manage it collaboratively), and were able to extract a list of the company’s user names and password components.

This breach gave access to the company’s issue tracking system (a software tool for managing and tracking tasks, bugs, and problems within a project), which includes sensitive configuration details of the telematics infrastructure at the manufacturer, including a file containing parts of passwords for users of the telematics system.

The telematics system in modern cars collects various data (such as speed, geographic location, etc.) from connected cars, then transfers, analyzes and uses it.

Connected cars
On the side of connected cars (cars equipped with technology that lets them connect to the Internet, external systems, and other cars), Kaspersky found a misconfiguration in the firewall settings that exposes internal servers to security risks.

The researchers used the password for the user account that they had obtained earlier to access the file system on the server, where they discovered the login data of another contracted company. This let them take control of the entire infrastructure of the telematics system.

Worst of all, the researchers found a firmware update command that enabled them to download the firmware for the Telematics Control Unit (TCU). This gives access to the car’s Controller Area Network (CAN), the system that connects internal components such as the engine and sensors.

The researchers then reached other systems inside the car, such as the engine and transmission. This access exposed the car’s vital functions to manipulation, threatening the safety of the driver and passengers.

Artem Zinenko, head of the Security Vulnerability Research and Evaluation Department within Kaspersky’s industrial control systems response team, said that the security vulnerabilities are related to common problems in the automotive sector, such as publicly available web services, weak passwords, the lack of a two-factor authentication (2FA) option, and storing sensitive data without encryption.

This breach shows that one gap in the infrastructure of the contracting company will lead to a hack involving all connected cars. That is why the automotive sector should give the highest priority to strong cybersecurity measures, especially when dealing with external systems, in order to protect drivers and strengthen trust in connected car technologies, he said.

Kaspersky urges companies to take strict security measures, such as limiting access to web services on the Internet via virtual private networks (VPN), isolating these services from internal company networks, implementing strict password policies, relying on two-factor authentication, encrypting sensitive data, and integrating logs with a security information and event management (SIEM) system to ensure immediate monitoring.

Kaspersky also advises car manufacturers to take several steps, including: restricting access to the telematics system from the automotive network, relying on permission rules to regulate network interactions, disabling password authentication via the SSH protocol, running services with limited privileges, and ensuring the validity of commands in the Telematics Control Units (TCU), as well as integrating a security information and event management (SIEM) system.
