Bosch Patches Security Flaw in Smartphone App

Robert Bosch GmbH has issued a software update to fix a security flaw that enables hackers to remotely take control of a moving vehicle and bring it to a stop.

The vulnerability lies in Bosch’s Drivelog Connector, an aftermarket device that car owners can use to track their vehicles’ fuel economy, vehicle diagnostics, maintenance needs, trip data and more through a smartphone app. The system is activated by plugging a Bosch dongle into the vehicle’s onboard diagnostic port.

The flaw was discovered in February by Tel-Aviv-based Argus Cyber Security Ltd. The Israeli company was able to use the Bosch system’s Bluetooth capabilities to bypass security filters and inject malicious messages into a vehicle’s in-car communications network.