Protect Your Automotive OS from Memory Corruption Attacks

CVE: CVE-2023-33071
CVSS v3.1: 8.4
Source: CVE-2023-33071

Automotive OS is commonly used in vehicle infotainment systems to power features like navigation, media playback and more. Unfortunately, researchers have discovered a vulnerability in Automotive OS that could allow hackers to corrupt memory and take control of your vehicle’s systems.

The vulnerability, tracked as CVE-2023-33071, is a memory corruption issue that arises when untrusted apps are able to access the Hardware Abstraction Layer (HAB) for graphics functionalities. By manipulating how data is read from and written to memory, a hacker could potentially execute arbitrary code and take over the infotainment system.

Such a takeover would give an attacker full control over features like the display and media playback, and potentially even safety-critical systems if the compromise is not contained properly. They could display fake navigation routes, interrupt phone calls or override the radio. In a worst-case scenario, researchers haven’t ruled out the possibility of exploiting this to impact physical vehicle controls as well.

The best way to protect yourself is to keep your vehicle’s Automotive OS software up to date with the latest patches. Manufacturers are working on releasing fixes, so be on the lookout for software updates and install them promptly to close this vulnerability. Avoid installing untrusted third-party apps on your infotainment system wherever possible until your manufacturer has addressed this issue. Staying vigilant with updates is the best defense against such memory corruption attacks.
