April 17, 2017—Argus Cyber Security, an automotive cyber security company, and Bosch announced a collaborative effort to promote public safety and prevent car hacking after a security gap was found in the Bosch Drivelog Connector dongle and its authentication process with the Drivelog Connect smartphone application.
The problem was found when the Argus research group succeeded in remotely taking over safety-critical vehicle systems via a Bosch Drivelog Connect smartphone application installed in the vehicle. A vulnerability found in the authentication process between the dongle and the Drivelog Connect smartphone application enabled Argus researchers to uncover the security code within minutes and communicate with the dongle from a standard Bluetooth device, such as a smartphone or laptop. After gaining access, Argus researchers were able to duplicate the message command structure and inject malicious messages into the in-vehicle network.
"At our core, Argus is dedicated to ensuring that vehicles are cyber-safe and our ongoing collaboration with global Tier 1 suppliers and car manufacturers enables us to provide the most advanced cyber security solutions for the automotive industry," said Yaron Galula, Argus CTO and co-founder. "The Bosch discovery demonstrates that solutions based on cryptography, even when designed by leaders in the industry, are not foolproof and that multi-layered defenses are required to effectively protect vehicles from cyber threats."