Home / Automotive Security / Automotive Cybersecurity: Argus Cyber Security working with Bosch

Automotive Cybersecurity: Argus Cyber Security working with Bosch

Argus Cyber Security and Bosch have announced that security vulnerabilities were found by Argus researchers in the Bosch Drivelog Connector dongle and in its authentication process with the Drivelog Connect smartphone application which enabled the researchers to take control of a car via Bluetooth.

digital safety concept padlock in electronic environment

Following a responsible disclosure made by Argus to Bosch, their Product Security Incident Response Team (PSIRT) took decisive and immediate action to address the vulnerabilities.

Argus
Argus

The Argus research group succeeded in remotely taking over safety-critical vehicle systems via a Bosch Drivelog Connector dongle installed in the vehicle. A vulnerability found in the authentication process between the dongle and the Drivelog Connect smartphone application enabled Argus researchers to uncover the security code within minutes and communicate with the dongle from a standard Bluetooth device, such as a smartphone or laptop.

After gaining access to the communications channel, Argus researchers were able to duplicate the message command structure and inject malicious messages into the in-vehicle network. Effectively bypassing the secure message filter that was designed to allow only specific messages, these vulnerabilities enabled the Argus research group to take control of a moving car, demonstrated through remotely stopping the engine.

As soon as Argus found cyber security vulnerabilities in the Bosch Drivelog Connector dongle, Bosch was duly informed. The level of attention the matter received from Bosch top management was significant and their Product Security Incident Response Team worked quickly to immediately address the issues across their security and development divisions. Additional work is also being done to further limit the possibility to send unwanted CAN messages and will be rolled out alongside further improvements later in the year.

About Piyush Rajan

Asst. Business Editor |Telematics Wire | Smart automotive

Check Also

Automotive cyber-security specialist CanBusHack acquired by Trillium

Trillium announced its acquisition of the assets of cybersecurity consulting specialist CanBusHack. CanBusHack is one …