Security Breaks

Security Breaks – Weekly News Edition


In this episode, Kate dives into the latest automotive cybersecurity headlines — from wireless tire pressure monitoring vulnerabilities to supplier ransomware and SBOM validation breakthroughs. She unpacks critical issues affecting OEMs, Tier 1 suppliers, and dealerships, while highlighting the real-world implications of Bluetooth Low Energy attacks, supply chain risks, and continuous software validation.

Whether you’re an engineer, cybersecurity practitioner, or dealership IT lead, this episode delivers a fast-paced, expert breakdown of what’s shaping the automotive security landscape right now.

Key Takeaways
  • TPMS (Tire Pressure Monitoring Systems) still transmit unencrypted signals, leaving room for spoofing and tracking vulnerabilities.
  • Supplier cyber incidents, such as those impacting Jaguar Land Rover, show how attacks ripple through the entire automotive supply chain.
  • Bluetooth Low Energy (BLE) weaknesses continue to expose vehicles to unauthorized access — secure pairing and token rotation are essential.
  • Ransomware groups like Akira are increasingly targeting distributors and service providers within the automotive ecosystem.
  • Continuous SBOM validation and integration with threat intelligence are key to proactive risk management under ISO/SAE 21434 and UNECE R155.
  • Machine learning intrusion detection systems (IDS) show promise but require realistic datasets and careful tuning to avoid false positives.

Quotes
“Safety signaling that can be faked is a problem. When drivers start to ignore warnings, we’ve already lost the battle.”
“If your dealer network still relies on flat networks because printers — this is your sign to fix that.”
“Your SBOM program isn’t about paperwork. It’s about knowing what’s in your software so you can fix what matters.”

Timestamps

(01:29) Wireless threats to tire pressure monitoring systems (TPMS)

(06:00) Supplier cyberattacks disrupting Jaguar Land Rover’s production

(08:30) Pen Test Partners’ guide to hacking Bluetooth Low Energy

(11:00) Ransomware attack on Harbor Diesel & Equipment

(13:42) Advances in SBOM validation and continuous vulnerability management

(17:25) Machine learning intrusion detection for the Internet of Vehicles

(20:32) Practical takeaways for OEMs, suppliers, and dealerships

(23:50) Community questions and call for industry collaboration

Referenced Links
  • Automotive Cybersecurity Standards: ISO/SAE 21434
  • UNECE Regulation No. 155 – Cybersecurity and Cybersecurity Management Systems
  • UNECE Regulation No. 156 – Software Updates
  • Pen Test Partners – Practical Guide to Hacking BLE
  • Ransomware.live – Akira Group Listing
  • Kaspersky: A Decade of Vehicle Hacks Report

Please Leave Us a Rating and Review

If you enjoyed this episode of Security Breaks, please take a moment to rate and review us on Apple Podcasts — it helps others in the automotive cybersecurity community discover the show.

Connect With ASRG (Automotive Security Research Group)

🌐 ASRG.io

💼 ASRG on LinkedIn

📧 Contact: [email protected]


Security Breaks, by Automotive Security Research Group