Another day brings more internet-connected car vulnerabilities to light.
This particular vulnerability takes advantage of a dongle that allows attackers to bypass authentication and issue commands to cars, stopping their engines, and perhaps more.
However, this issue isn't just restricted to this device, we've seen a growing number of internet-car vulnerabilities in recent times which are steadily accumulating.
At the moment it may feel as if security researchers are crying wolf, but the impact of any of these vulnerabilities being exploited in the real world could be fatal.
The attack is possible because the dongle doesn't properly filter commands it receives from the smartphone app. For example, the dongle executes some CAN messages outside of the scope a small subset of diagnostic messages (i.e., OBDII PIDs). In Argus tests, some of these commands stopped a test car's motor, but experts say that further digging around could unearth other commands and potential attacks.