Hacker News
by bri3d 1293 days ago
The linked vulnerabilities don't even have anything to do with firmware (although it is certainly littered with issues too), but rather just basic web/application security issues on the "cloud" side of "cloud" services.

This is less of a directional shift IMO than the classic "hardware companies are bad at software" issue. There's no unsolved or novel problem in this SiriusXM vulnerability (or one from the same researcher in Hyundai/Genesis systems where they compared a JWT subject with a subject passed in the request, but stripped whitespace). There's no update-frequency or validation issue. It's just basic web application security getting neglected.