Danger ahead: Researchers exploit gaps in the connected vehicle software supply chain

Researchers compromised source code and development infrastructure for Mercedes-Benz and SiriusXM Connected Vehicle Services, raising security concerns.

A group of researchers probing the security of applications and infrastructure that supports connected vehicles discovered they could access the development environments and raw application source code of German automaker Mercedes Benz and SiriusXM Connected Vehicle Services, which supplies telematics software and applications to a wide range of vehicle makers. 

The researchers wrote last week that they were able to use an account …

access application applications code compromised development environments exploit german infrastructure mercedes-benz researchers security services siriusxm software software supply chain source code supply supply chain telematics vehicle vehicles