An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The data packets that are sent between the iOS or Android application and the OBD dongle are not encrypted. The combination of this vulnerability with the lack of wireless network protection exposes all transferred car data to the public.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2018/May/66 | Mailing List Third Party Advisory |
https://www.sec-consult.com/en/blog/advisories/unprotected-wifi-access-unencrypted-data-transfer-in-vgate-icar2-wifi-obd2-dongle/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-05-30T21:00:00
Updated: 2018-05-30T20:57:01
Reserved: 2018-05-25T00:00:00
Link: CVE-2018-11477
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-05-30T21:29:00.473
Modified: 2019-10-03T00:03:26.223
Link: CVE-2018-11477
JSON object: View
Redhat Information
No data.
CWE