IOActive releases new white paper “Commonalities in Vehicle Vulnerabilities”

Global cybersecurity consulting firm IOActive has released a new white paper, “Commonalities in Vehicle Vulnerabilities.” This is a follow on to IOActive’s deep research in this area over the past few years including 2016 research on common vehicle vulnerabilities and 2015 research on “Remote Exploitation of an Unaltered Passenger Vehicle.”

The research, which went live on the IOActive website earlier today, is based on over 6,000 hours of work on vehicle hardware systems over the years, yielding the latest four takeaways:

  • In general, vulnerabilities have decreased in both impact and likelihood.
  • The most common attack vectors are internal software components and network-connected applications.
  • Hardening of local interfaces appears to be improving.
  • The most common vulnerability types are logic errors, as traditional memory corruption attacks are becoming less common.