Char49 at DEF CON 2024: Unveiling Vulnerabilities in Car Manufacturers' Applications
DEF CON is one of the largest and most important conferences in the world of cybersecurity, bringing together experts and professionals from across the globe to discuss the latest discoveries and threats. This year, Char49 had the honor of participating at AppSec Village with an innovative talk on the security of car manufacturers' applications, presented by our experts David Sopas and Paulo Silva.
A New Approach to Car Security
Since the first car hit the road, manufacturers have been obsessed with safety. However, as cars become more digital and connected, cybersecurity is becoming as crucial as traditional airbags and seatbelts. In this talk, we addressed how web applications used by major brands in the automotive industry are vulnerable to cyberattacks, exposing sensitive data and posing a real threat to consumer privacy and safety.
We presented the findings of our research, which identified security flaws in at least eleven of the world's leading car manufacturers. We demonstrated how old vulnerabilities, such as those found in unpatched third-party software, continue to affect many of these applications, emphasizing the need for better security practices across the industry.
What We Demonstrated in the Talk:
- Modern web applications are still affected by old/traditional vulnerabilities;
- How security issues can be chained together to launch real attacks and cause significant impact;
- The common pattern of using unpatched and outdated third-party software;
- The importance of companies adopting responsible disclosure policies for vulnerabilities.
We also showcased proof-of-concept videos to illustrate the vulnerabilities discovered and the potential impact they could have on user data.
Following our first talk in 2020, which was held in Safe Mode due to the Covid-19 pandemic, Char49’s presence at DEF CON 2024 was a significant milestone for our team. We hope our research inspires manufacturers and other companies to review their security practices and implement stronger measures to protect their users.
If you want to learn more about our findings or how we can help your company strengthen its application security, feel free to reach out.