Automotive Zero-Day
Vulnerability Knowledge Base

Why Do Automotive Zero-Day Vulnerabilities Matter?

Unknown and Unpatched

Zero-day vulnerabilities are security flaws, gaps, bugs, or weaknesses that are unknown to the vendors of the affected components or systems and thus have not been fixed or patched.

Real and Impactful

The automotive industry is only just beginning to grasp the reality that exploitation of zero-day vulnerabilities can have a direct impact on vehicles and that keeping up with them is imperative.

Complex and Challenging

With the increasing complexity of the automotive ecosystem, zero-day vulnerabilities pose a formidable challenge for vehicle manufacturers (OEMs), suppliers, and stakeholders.

Automotive Zero-Day Vulnerability Advisories

The following is a list of automotive vulnerabilities discovered by researchers through Trend Micro’s Zero Day Initiative (ZDI) that are yet to be publicly disclosed. This initial list comprises zero-day vulnerabilities discovered at Pwn2Own Automotive, hosted by VicOne with the ZDI. For each vulnerability, the affected vendor has been contacted and is expected to develop a patch. While the vendors work on patches for these vulnerabilities, VicOne customers are protected from exploitation by virtual patches delivered ahead of public disclosure. These vulnerabilities are handled according to the ZDI Disclosure Policy.

ZDI CAN	Target	Category	Type	State

VicOne: Protection Beyond Others’
Against Automotive Zero-Day Vulnerabilities

VicOne’s best-in-class automotive threat intelligence includes early access to vital information on automotive zero-day vulnerabilities, thanks to VicOne’s pioneering partnership with the ZDI. As a result, VicOne’s range of products can detect automotive zero-day vulnerabilities, such as those discovered at Pwn2Own Automotive, even before they are publicly disclosed. By offering early detection capabilities, VicOne empowers automotive OEMs, suppliers, and stakeholders to determine whether their components or systems are vulnerable and to proactively assess risks and potential business impacts ahead of competitors.

SEE HOW

VicOne: Accelerating Automotive
Zero-Day Vulnerability Discovery

Brings attention to the ever-expanding connected car attack surface, thereby highlighting the urgency of fortifying the industry against emerging and evolving threats.

Emphasizes the importance of safeguarding the complex components and technologies that make up the modern connected vehicle, paving the way for more robust and resilient cybersecurity protection.

Goes beyond vulnerability disclosures by forging strategic connections and collaborations among security researchers and automotive stakeholders, in a community where groundbreaking discoveries are duly recognized and acted upon.

GO TO EVENT PAGE

More Insights Into Automotive
Zero-Day Vulnerabilities From VicOne

Blog
Quantum Computing: Forging New Frontiers for Autonomous Vehicles

April 15, 2024
In celebration of World Quantum Day on April 14, we discuss how quantum computing can further improve advanced driver assistance systems (ADASs) and the risks associated with this disruptive technology.
Read More 
Blog
Open RAN: A Gateway to Improved V2X Communications and to New Security Risks

April 12, 2024
Open RAN is said to usher advances in V2X communications for connected vehicles. Researchers have taken a closer look at this technology to see where vulnerabilities might slip through amid its anticipated advantages.
Read More 
Blog
Understanding the Impact of NIST IR 8473 on EV Charging Infrastructure Security

April 8, 2024
The NIST IR 8473 cybersecurity framework profile marks a shift in scope from individual chargers to the entire charging infrastructure. This expanded scope suggests that electric vehicle supply equipment manufacturers and charge point operators need to consider cybersecurity from an industry-level risk-based approach rather than focusing solely on individual IoT devices.
Read More 
Blog
Unlocking the Power of Edge Intelligence to Rev Up Automotive Defense

April 3, 2024
By utilizing the BlackBerry IVY connected vehicle data platform, VicOne enables AI-empowered threat detections at the edge, cloud-controlled access to vehicle data, and response to potential cyberattacks on software-defined vehicles (SDVs).
Read More 