Log4Shell—Vehicle Fleets Can be Impacted


The recent high-severity Apache Log4j 2 vulnerability has security teams around the world scrambling to patch their internet-exposed backend servers against the Log4Shell vulnerability. Apache Log4j is widespread. In fact, it can be found in organizations and products such as Twitter, Tesla, and even established security information and event management systems such as IBM QRadar. But what does this vulnerability mean for automotive security teams?

For IT teams, their first priority will probably be the publicly exposed servers and interfaces in the organization rather than the private, internal servers. Additionally, on the face of it, security teams at a vehicle OEM may not even consider that their vehicle fleet can be impacted by a Log4Shell exploit. After all, vehicles are not usually running Log4j – so why should they be concerned? However, this is a potentially dangerous assumption. 

OEMs and Tier 1s are connecting vehicle components to their private network (for example, through an APN over cellular), linking the vehicle to a variety of servers and services. Therefore, a threat actor can reach an OEM’s potentially exploitable private servers – from their own vehicle.

Like every PC in the organization, every connected vehicle is another endpoint in an OEM’s network and, as such, a potential attack vector. This means that threat actors can use your vehicles to launch attacks on the organization.
An unverified example of an exploit of the vulnerability from a vehicle is shown below:

Source: GitHub, https://github.com/YfryTchsGD/Log4jAttackSurface

In the past, PlaxidityX (formerly Argus Cyber Security) has implemented similar attack paths. The research team gained initial access to a vehicle telematics unit and used it as an attack vector to access the OEM’s backend servers. The team showed how they could exploit vulnerabilities in the OEM’s remote servers in order to gain a foothold in the organization’s private network.

In a real scenario, a threat actor can potentially use the compromised servers to issue additional attacks on the entire fleet.

To summarize—a threat actor can potentially wage a fleet-wide attack through one single compromised vehicle.

What should you do? 

If your vehicles are communicating with an internal cloud – regardless of whether it is exposed to the internet or not – your fleet may be vulnerable to this exploit. We advise security teams to treat any server that communicates with the vehicle fleet as reachable by a threat actor, and in this specific case to check whether the vulnerable code exists on those servers.
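One way to carry out that check on a backend host, given here as an added example rather than the research team’s own tooling: a Python scanner that inspects deployed jar/war/ear archives (including archives nested inside fat jars and WARs), reads the bundled log4j-core version from its Maven pom.properties and reports whether the JndiLookup class is still shipped. The fix threshold of 2.15.0, the archive names and the in-memory sample WAR are assumptions constructed for this example.

```python
import io
import re
import zipfile

# Assumed threshold (not from the page): first release disabling JNDI lookups by default; set to your baseline.
FIXED_VERSION = (2, 15, 0)
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear")

def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0); unparsable -> None."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(n or 0) for n in m.groups()) if m else None

def inspect_archive(data, label, findings, depth=0):
    """Recursively inspect an archive (bytes) and append any log4j-core it contains."""
    if depth > 5:  # guard against pathological nesting
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if POM_PROPS in names:
            m = re.search(r"^version=(.+)$", zf.read(POM_PROPS).decode("utf-8", "replace"), re.M)
            version = m.group(1).strip() if m else "unknown"
            parsed = parse_version(version)
            findings.append({
                "location": label, "version": version, "has_jndi_lookup": JNDI_CLASS in names,
                # Flag only when below the fix threshold and the lookup class is still shipped.
                "vulnerable": bool(parsed and parsed < FIXED_VERSION and JNDI_CLASS in names),
            })
        for name in names:  # fat jars and WARs usually carry log4j-core nested inside
            if name.lower().endswith(ARCHIVE_EXT):
                inspect_archive(zf.read(name), f"{label}!{name}", findings, depth + 1)
    return findings

def _fake_jar(version):
    """Constructed sample: a minimal log4j-core-like jar (not a real artifact)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPS, f"version={version}\n")
        zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # placeholder class bytes
    return buf.getvalue()

def sample_findings():
    """Constructed WAR nesting an old and a patched log4j-core, then inspected."""
    war = io.BytesIO()
    with zipfile.ZipFile(war, "w") as zf:
        zf.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", _fake_jar("2.14.1"))
        zf.writestr("WEB-INF/lib/log4j-core-2.17.1.jar", _fake_jar("2.17.1"))
    return inspect_archive(war.getvalue(), "telematics-backend.war", [])
```

To cover a real deployment directory, loop `inspect_archive(p.read_bytes(), str(p), findings)` over every `.jar`, `.war` and `.ear` found under the server’s application root; a finding below the threshold with the lookup class present is the signal to upgrade or remove the class.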

Please do not hesitate to contact the PlaxidityX research team if you have any questions regarding the impact of this vulnerability on your fleet.

Published: December 12th, 2021
