People entrust neural networks with their most important, even intimate, matters: verifying medical diagnoses, seeking love advice, or turning to AI instead of a psychotherapist. There are already known cases of suicide planning, real-world attacks, and other dangerous acts facilitated by LLMs.  Consequently, private chats between humans and AI are drawing increasing attention from governments, corporations, and curious individuals.

So, there won’t be a shortage of people willing to implement the Whisper Leak attack in the wild. After all, it allows determining the general topic of a conversation with a neural network without interfering with the traffic in any way — simply by analyzing the timing patterns of sending and receiving encrypted data packets over the network to the AI server. However, you can still keep your chats private; more on this below…

How the Whisper Leak attack works

All language models generate their output progressively. To the user, this appears as if a person on the other end is typing word by word. In reality, however, language models operate not with individual characters or words, but with tokens — a kind of semantic unit for LLMs, and the AI response appears on screen as these tokens are generated. This output mode is known as “streaming”, and it turns out you can infer the topic of the conversation by measuring the stream’s characteristics. We’ve previously covered a research effort that managed to fairly accurately reconstruct the text of a chat with a bot by analyzing the length of each token it sent.

Researchers at Microsoft took this further by analyzing the response characteristics from 30 different AI models to 11,800 prompts. A hundred prompts were used: variations on the question, “Is money laundering legal?”, while the rest were random and covering entirely different topics.

By comparing the server response delay, packet size, and total packet count, the researchers were able to very accurately separate “dangerous” queries from “normal” ones. They also used neural networks for the analysis — though not LLMs. Depending on the model being studied, the accuracy of identifying “dangerous” topics ranged from 71% to 100%, with accuracy exceeding 97% for 19 out of the 30 models.

The researchers then conducted a more complex and realistic experiment. They tested a dataset of 10,000 random conversations, where only one focused on the chosen topic.

The results were more varied, but the simulated attack still proved quite successful. For models such as Deepseek-r1, Groq-llama-4, gpt-4o-mini, xai-grok-2 and -3, as well as Mistral-small and Mistral-large, researchers were able to detect the signal in the noise in 50% of their experiments with zero false-positives.

For Alibaba-Qwen2.5, Lambda-llama-3.1, gpt-4.1, gpt-o1-mini, Groq-llama-4, and Deepseek-v3-chat, the detection success rate dropped to 20% — though still without false positives. Meanwhile, for Gemini 2.5 pro, Anthropic-Claude-3-haiku, and gpt-4o-mini, the detection of “dangerous” chats on Microsoft’s servers was only successful in 5% of cases. The success rate for other tested models was even lower.

A key point to consider is that the results depend not only on the specific AI model, but also on the server configuration on which it’s running. Therefore, the same OpenAI model might show different results in Microsoft’s infrastructure versus OpenAI’s own servers. The same holds true for all open-source models.

Practical implications: what does it take for Whisper Leak to work?

If a well-resourced attacker has access to their victims’ network traffic — for instance, by controlling a router at an ISP or within an organization — they can detect a significant percentage of conversations on topics of interest simply by measuring traffic sent to the AI assistant servers, all while maintaining a very low error rate. However, this does not equate to automatic detection of any possible conversation topic. The attacker must first train their detection systems on specific themes — the model will only identify those.

This threat cannot be dismissed as purely theoretical. Law enforcement agencies could, for example, monitor queries related to weapons or drug manufacturing, while companies might track employees’ job search queries. However, using this technology to conduct mass surveillance across hundreds or thousands of topics isn’t feasible — it’s just too resource-intensive.

In response to the research, some popular AI services have altered their server algorithms to make this attack more difficult to execute.

How to protect yourself from Whisper Leak

The primary responsibility for defense against this attack lies with the providers of AI models. They need to deliver generated text in a way that prevents the topic from being discerned from the token generation patterns. Following Microsoft’s research, companies including OpenAI, Mistral, Microsoft Azure, and xAI reported that they were addressing the threat. They now add a small amount of invisible padding to the packets sent by the neural network, which disrupts Whisper Leak algorithms. Notably, Anthropic’s models were inherently less susceptible to this attack from the start.

If you’re using a model and servers for which Whisper Leak remains a concern, you can either switch to a less vulnerable provider, or adopt additional precautions. These measures are also relevant for anyone looking to safeguard against future attacks of this type:

• Use local AI models for highly sensitive topics — you can follow our guide.
• Configure the model to use non-streaming output where possible so the entire response is delivered at once rather than word by word.
• Avoid discussing sensitive topics with chatbots when connected to untrusted networks.
• Use a robust and trusted VPN provider for greater connection security.
• Remember that the most likely point of leakage for any chat information is your own computer. Therefore, it’s essential to protect it from spyware with a reliable security solution running on both your computer and all your smartphones.

Here are some more articles explaining what other risks are associated with using AI, and how to configure AI tools properly:

• AI sidebar spoofing: a new attack on AI browsers
• The pros and cons of AI-powered browsers
• How hackers can read your chats with ChatGPT or Microsoft Copilot
• Privacy settings in ChatGPT
• DeepSeek: configuring privacy and deploying a local version

Kaspersky official blog – ​Read More

Imagine you’ve been invited to a private poker game with famous athletes. Who would you trust more to shuffle the deck — a dealer or a specialized automated device? Fundamentally, this question boils down to what you’ve more faith in: the dealer’s honesty or the machine’s reliability. Many poker players would likely prefer the specialized device — it’s clearly harder to bribe or coerce than a human dealer. However, back in 2023, cybersecurity researchers demonstrated that one of the most popular shuffler models — the DeckMate 2 made by Light & Wonder — is actually quite easy to hack.

Two years later, law enforcement found traces of these devices being rigged not in a lab, but out in the wild. This post details how the DeckMate 2 shuffler works, why its design facilitates cheating, how criminals weaponized this hack, and what… basketball has to do with it all.

How the DeckMate 2 automated card shuffler works

The DeckMate 2 automatic shuffler went into production in 2012. Since then, it’s become one of the most popular models, used in nearly every major casino and private poker club in the world. The device is essentially a black box roughly the size of an average office shredder, and typically installed underneath the poker table.

The DeckMate 2 is a professional automated card shuffler that quickly shuffles the deck while simultaneously verifying that all 52 cards are present and no extras have been slipped in. Source

On the table surface, only a small compartment is visible where the cards are placed for shuffling. Most ordinary players probably don’t realize that the “underwater” portion of this “iceberg” is significantly larger and more complex than it appears at first glance.

This is what the DeckMate 2 looks like when installed in a gaming table: all the fun stuff is hidden beneath the surface. Source

After the dealer places the deck inside the DeckMate 2, the machine runs the cards through a reading module one by one. At this stage, the device verifies that the deck contains all 52 cards and nothing except them — if that’s not the case the connected screen displays an alert. Afterward, the machine shuffles the cards and returns the deck to the dealer.

The DeckMate 2 takes just 22 seconds to both shuffle a deck and check the cards while it’s at it. The check for missing or extra cards uses an internal camera that scans every card in the deck — and this camera is also involved in sorting the deck. It’s hard to imagine the practical use for that last feature in card games — one might assume the designers added it just because they could.

Jumping ahead, this camera is what literally allowed both researchers and malicious actors to see the sequence of the cards. The previous model, the Deck Mate, didn’t have such a camera, and thus offered no way to peek at the card order.

To keep hackers out, the DeckMate 2 uses a hash check designed to confirm that the software hasn’t been altered after installation. Upon startup, the device calculates the hash of its firmware and compares it to the reference stored in its memory. If the values match, the machine assumes its firmware is unmodified and proceeds; if not, the device should recognize a tampering attempt.

Additionally, the DeckMate 2 design includes a USB port, which is used for loading firmware updates. DeckMate 2 devices can also be rented from the manufacturer Light & Wonder rather than purchased outright, often under a pay-per-use plan. In this case, they’re usually equipped with a cellular modem that transmits usage data to the manufacturer for billing.

How the researchers managed to compromise the DeckMate 2

Long-time readers of our blog have likely already spotted several flaws in the DeckMate 2 design that the researchers exploited for their proof-of-concept. They demonstrated it at the Black Hat cybersecurity conference in 2023.

The first step in the attack involved connecting a small device to the USB port. For their POC, the researchers used a Raspberry Pi microcomputer, which is smaller than an adult’s palm. However, they noted that with sufficient resources, malicious actors could execute the same attack using an even more compact module — the size of a standard USB flash drive.

Once connected, the device discreetly altered the DeckMate 2’s code and seized control. This also granted the researchers access to the aforementioned internal camera intended for verifying the deck. They could now view the exact order of the cards in the deck in real time.

This information was then transmitted via Bluetooth to a nearby phone, where an experimental app displayed the sequence of cards.

The experimental app created by the researchers: it receives the card order via Bluetooth from the hacked DeckMate 2. Source

The exploit relies on the cheater’s accomplice wielding the phone with the app installed on it. This person can then use subtle gestures/signals to the cheating player.

What enabled the researchers to gain this degree of control over the DeckMate 2 was a vulnerability in its hard-coded passwords. For their experiments, they purchased several second-hand shufflers, and one of the sellers provided them with the service password intended for DeckMate 2 maintenance. The researchers extracted the remaining passwords — including the root password — from the device’s firmware.

These system passwords on the DeckMate 2 are set by the manufacturer, and are highly likely to be identical for all devices. While studying the firmware code, the researchers discovered that the passwords were hard-coded into the system, making them difficult to change. As a result, the same set of passwords —known to a fairly wide circle of people — likely protects the majority of machines in circulation. This means that nearly all of the devices could be vulnerable to the attack developed by the researchers.

To bypass the hash check, the researchers simply overwrote the reference hash stored in memory. Upon startup, the device would compute the hash of the altered code, compare it to the now equally altered reference value, and deem the firmware authentic.

The researchers also noted that models equipped with cellular modems could potentially be hacked remotely — via a fake base station that the device would connect to instead of a real cell tower. While they didn’t test the viability of this attack vector, it doesn’t seem implausible.

How the mafia used rigged DeckMate 2 machines in real poker games

Two years later, the researchers’ warnings received a real-world confirmation. In October 2025, the U.S. Department of Justice indicted 31 people for organizing a series of fraudulent poker games. According to the case documents, in these games, a criminal group used various technical means to obtain information about their opponents’ hands.

These means included cards with invisible markings paired with phones, special glasses, and contact lenses capable of covertly reading these marks. But more importantly for the context of this post, the scammers also used hacked DeckMate 2 machines configured to secretly transmit information about which cards would end up in each player’s hand.

And this is where we finally get to the part about basketball and NBA athletes. According to the indictment, the scheme involved members of several mafia families, as well as former NBA players.

According to the investigation, the scammers set up a series of high-stakes poker games over several years in various U.S. cities. Wealthy victims were lured by the opportunity to play at the same table as NBA stars (who deny any wrongdoing). Investigators estimate that the victims lost a total of over $7 million.

Disclosed documents contain a truly cinematic account of how the scammers used the hacked DeckMate 2 machines. Instead of rigging other people’s DeckMate 2 devices via a USB port, as the researchers demonstrated, the criminals used pre-hacked shufflers. One episode even details mafia members taking a compromised device from its owner at gunpoint.

Despite this… peculiar modification to the first step of the attack, the core essence remained largely the same as the researchers’ POC. The hacked DeckMate 2 machines transmitted information to a remote operator, who in turn sent it to a participant’s phone. The criminals referred to this operator as the “quarterback”. The scammer would then use subtle signals to direct the course of the game.

What lessons we can learn from this tale

In their comments to journalists, the manufacturers of DeckMate 2 stated that following the research into the device’s hackability, they implemented several changes to both the hardware and software. These improvements included disabling the exposed USB port, and updating the firmware verification routines. Surely, licensed casinos have installed these updates. Well, let’s just hope they have.

However, the state of such devices used in private poker clubs and illegal casinos remains highly questionable. These places often employ second-hand DeckMate 2 machines without updates or proper maintenance, making them particularly vulnerable. And that’s not even considering cases where the house itself might have a motive to rig the machines.

Despite all the intriguing details of the DeckMate 2 hack, it’s based on fairly typical precursors: reused passwords, a USB port, and, of course, unlicensed gambling venues. In this regard, the only advice for gambling enthusiasts is to stay away from illegal gaming clubs.

The broader takeaway from this story is that pre-set system passwords should be changed on any device — whether it’s a Wi-Fi router or a card shuffler. To generate a strong, unique password and remember it, use a reliable password manager. By the way, you can also use Kaspersky Password Manager to generate one-time codes for two-factor authentication.

Kaspersky official blog – ​Read More

November was a packed month for detection coverage. We rolled out new behavioral insights, broadened our visibility across multiple threat families, and strengthened rulesets at every layer. On top of that, our analysts uncovered and documented a new phishing wave targeting Italian organizations through malicious PDF attachments, now fully mapped in a dedicated TI report. 

Let’s walk through the full set of improvements we delivered this month. 

Threat Intelligence Reports 

In November, we published several new TI Reports covering threats that are currently targeting companies around the world. The four of them are open to everyone: 

• RoningLoader, HoldingHands, Snowlight: APT-Q-27 loader chain, stealthy RAT, and Linux VShell dropper enabling cross-platform compromise of enterprise and server environments. 

• PDFChampions, Efimer, BTMOB: Malvertising-based browser hijacker, Tor-hosted cryptocurrency stealer, and Android MaaS trojan abusing Accessibility to drain banking, fintech, and wallet applications. 

• Monkey, Phoenix, NonEuclid: AI-generated Linux ransomware, espionage-focused backdoor, and dual-use RAT–ransomware illustrating convergence of state-aligned techniques and financially motivated crimeware. 

• Valkyrie, Sfuzuan, Sorvepotel: Windows stealer MaaS, adaptable backdoor, and WhatsApp-propagating campaign weaponizing social trust and messaging channels for large-scale infection. 

We also wrote an extensive report exclusively for the TI Lookup Premium subscribers. It goes in-depth on a phishing campaign aimed specifically at Italian organizations across transportation, tourism, telecom, IT, and government sectors. The activity relies on PDF attachments disguised as official documents, each redirecting victims to counterfeit Microsoft login pages built to harvest corporate credentials. 

The report outlines: 

• A consistent lure pattern using Italian-language prompts inviting recipients to “review” or “sign” a document 

• PDF filenames following a shared template: Allegato_Ufficiale_<variable>.pdf 

• Brand impersonation, including well-known Italian companies, to raise credibility 

• Redirect chains leveraging both compromised domains and attacker-controlled infrastructure (e.g., phebeschool.org, mircosotfonilne.ru, vorn.revolucionww.com) 

• Browser fingerprinting behavior tied to data collection on victim systems 

• Email templates localized in Italian, with urgent subject lines pushing immediate action 

We also included ready-to-use TI Lookup queries so analysts can surface related samples quickly, track the filename cluster, and follow the network infrastructure across recent public analysis sessions. 

Behavior Signatures 

In November, we expanded the malicious behavior coverage of ANY.RUN’s Interactive Sandbox with 52 new signatures across ransomware families, loaders, post-exploitation tools, and suspicious PowerShell activity. These additions help analysts surface malicious behavior earlier, reduce repeated checks, and speed up root-cause discovery. 

Here are the latest signatures added: 

• JSGuldr 

• LockerGoga 

• UDPGangster 

• WastedLocker 

• RoningLoader 

• PureHVNC mutex 

• AURA 

• Possible Kerberos ticket injection (PowerShell) 

• CVE-2025-6218 

• Compromised SteamCleaner 

• LockerGoga 

• UDPGangster 

• PowerShell memory allocation 

• Possible path obfuscation (PowerShell) 

• NetworkMiner 

• Intercepter-NG 

• Snowlight 

• RawCap 

• PDFChampions mutex 

YARA Rules 

We added 9 YARA rules in November to improve early detection of ransomware, RAT families, and network-proxy tooling. These rules help analysts flag suspicious samples even before execution, making triage faster and more reliable. 

• Pulsar 

• Noneuclid 

• GhostSocks 

• Qilin 

Suricata Rules 

In November, we added 2,184 new Suricata rules, strengthening network-level detection for RAT traffic, stealer activity, and modern phishing techniques. These additions expand coverage for TLS fingerprinting and browser-based deception tactics. 

• GravityRAT JA3 (sid:84000202): Identifies GravityRAT network activity by previously unlisted JA3 TLS fingerprint. 

• SalatStealer JA3 (sid:84000205): Identifies SalatStealer network activity by previously unlisted JA3 TLS fingerprint. 

• Browser-in-the-Browser phishing attack (sid:85005418): Detects a phishing technique that simulates new browser window with legitimate domain within the actual browser window. 

About ANY.RUN 

ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions, is used by more than 500,000 analysts across 15,000 organizations worldwide. The service helps teams investigate threats in real time, follow full execution chains, and surface critical behavior within seconds. 

Analysts can detonate samples, interact with them as they run, and immediately pivot into network traces, file system changes, registry activity, and memory artifacts. With continuously updated detection coverage, including new behavioralsignatures, YARA rules, Suricata rules, and TI insights, teams get faster answers and clearer visibility with less manual effort. 

Whether you’re running day-to-day investigations, handling escalations, or tracking emerging campaigns, ANY.RUN gives SOC teams, DFIR analysts, MSSPs, and researchers a practical way to reduce uncertainty and make decisions with confidence. 

Start your 14-day trial of ANY.RUN today →         

The post Threat Coverage Digest: New Malware Reports and 5K+ Detection Rules  appeared first on ANY.RUN’s Cybersecurity Blog.

ANY.RUN’s Cybersecurity Blog – ​Read More

Dashcams, popular in some countries and while illegal in others, are typically seen as insurance in case of an accident or roadside dispute. But a team of Singaporean cybersecurity researchers have a different take. They see offline (!) dashcams as a suitable foundation for… a mass surveillance system — moreover, one that can broaden automatically. They presented the details of their research at the Security Analyst Summit 2025.

The espionage potential of a dashcam

So, how can offline device be used for surveillance? Well, though it’s true that most dashcams aren’t equipped with a SIM card or 4G/5G connectivity — even inexpensive models have Wi-Fi. This allows the driver’s phone to connect to the device through a mobile app to adjust settings, download videos, and for other purposes. And as it turns out, many dashcams allow authentication to be bypassed, meaning a malicious actor can connect to them from their own device and then download the stored data.

An attacker has a lot to gain from this. First, there’s the high-resolution video, which clearly shows license plates and road signs. Some dashcam models also record the car’s interior, and others feature wide-angle lenses and/or rear-facing cameras. Second, dashcams can record audio — primarily conversations — inside the vehicle. Third, these video and audio recordings are tagged with precise timestamps and GPS tags.

Therefore, by downloading data from a dashcam, someone could track the owner’s movements, obtain images of the locations where they drive and park, find out what they talk about in the car, and often get photos and videos of the vehicle’s passengers or people near the car. Naturally, for targeted surveillance, a hacker would need to compromise a specific dashcam, while for mass surveillance, they’d need to compromise a large number of devices.

Attack vectors for dashcams

The researchers began their experiments with a popular Thinkware dashcam, but quickly widenend the scope of the study to include two dozen models from 15 or so different brands.

They discovered many similarities in how the different devices operate. The initial connection is typically made to a Wi-Fi access point created by the dashcam itself, using the default SSID and password from the manual.

Most of the models tested by the researchers had a hardcoded password, allowing an attacker to establish a connection with them. Once connected, a hacker gains access to a familiar setup found in other IoT gadgets: an ARM processor and a lightweight Linux build. The attacker then has a whole arsenal of proven tricks to choose from to bypass the manufacturer’s authentication — designed to distinguish the owner from an unauthorized user. At least one of these methods typically works:

• Direct file access. While the minuscule web server in the dashcam waits for a client to send a password at the official entry point, malicious requests for direct video downloads often go through without a password check
• MAC address spoofing. Many dashcams verify the owner’s identity by checking the unique MAC address of their smartphone’s Wi-Fi adapter. The attacker can first intercept this address over the airwaves, and then spoof it in their own requests, which is often enough to establish a connection
• Replay attack. By simply recording the entire Wi-Fi data exchange between the dashcam and the owner’s smartphone during a legitimate connection, an attacker can later replay this recording to gain the needed permissions

Most online services have been protected against these types of attacks for years if not decades. However, these classic vulnerabilities from the past are still frequently discovered in embedded devices.

To allow users to quickly review recorded files on their phone screen, or even watch a live feed from the camera, dashcams typically run several servers similar to those used on the internet. An FTP server enables quick file downloads, while an RTSP server streams live video, and so on. In theory, these servers have their own password-based security to protect them from unauthorized access. In practice, they often use a default, hardcoded password that’s identical for every unit of that model — a password that can be easily extracted from the manufacturer’s mobile app.

The one-hack-fits-all situation

Why are researchers convinced that these devices can be hacked on a massive scale? Due to two key factors:

• Just a few popular dashcam models account for the lion’s share of the market. For instance, in Singapore, nearly half of all dashcams sold are from the brand IMAKE
• Different models, sometimes from different brands, have very similar hardware and software architecture. This is because these dashcam manufacturers source their components and firmware from the same developer

As a result, a single piece of malicious code designed to try a few dozen passwords and three or four different attack methods could successfully compromise roughly a quarter of all dashcams in a real-world urban environment.

In the initial version of the attack, the researchers modeled a semi-stationary scenario. In this setup, an attacker with a laptop would be located at a place where cars stop for a few minutes, such as a gas station or a drive-through. However, further research led them to a more alarming conclusion: everything needed for the attack could be run directly on the dashcam itself! They managed to write code that operates like a computer worm: an infected dashcam attempts to connect to and compromise the dashcams in nearby cars while on the move. This is feasible when vehicles travel at similar speeds, for instance in heavy traffic.

From mass compromise to mass surveillance

The authors of the study didn’t stop at just proving that the hack was possible; they developed a complete system for harvesting and analyzing data. The data from compromised dashcams can be harvested to one central location in two ways: by sending the data directly to the attackers’ computer located at, say, a gas station, or by exploiting the built-in cloud-enabled features of some dashcams.

Some dashcam models are equipped with an LTE module, allowing the malicious code to send data directly to the botnet owner. But there’s also an option for simpler models. For example, a dashcam can have functionality to upload data to a smartphone for syncing it to the vendor cloud, or the compromised device can forward the data to other dashcams, which then relay it to the attacker.

Sometimes, inadequate cloud storage security allows data to be extracted directly — especially if the attacker knows the user identifiers stored within the camera.

The attacker can combine several methods to analyze the harvested data:

• Extracting GPS metadata from photos and videos
• Analyzing video footage to detect road signs and recognize text — identifying specific streets and landmarks
• Using a Shazam-like service to identify music playing in the car
• Leveraging OpenAI models to transcribe audio and generate a concise summary of all conversations inside the vehicle

The result is a brief, informative summary of every trip: the route, travel time, and topics that were discussed. At first glance, the value of this data seems limited because it’s anonymous. In reality, de-anonymization isn’t a problem. Sometimes the owner’s name or license plate number is explicitly listed in the camera’s settings. Furthermore, by analyzing the combination of frequently visited locations (like home and work), it’s relatively straightforward to identify the dashcam owner.

Conclusions and defense strategies

The recent revelations about the partnership between Flock and Nexar underscore how dashcams could indeed become a valuable link in a global surveillance and video monitoring system. Flock operates the largest network of automated license plate reader cameras for police in the United States, while Nexar runs a popular network of cloud-connected dashcams designed to create a “crowdsourced vision” of the roads.

However, the mass hacking of dashcams could lead to a much more aggressive and malicious data-harvesting effort, with information being abused for criminal and fraudulent schemes. Countering this threat is primarily the responsibility of vendors, which need to adopt secure development practices (Security by Design), implement robust cryptography, and employ other technical controls. For drivers, self-defense options are limited, and heavily dependent on the specific features of their dashcam model. We list them below in order of the most to least radical:

• Purchase a model without LTE, Wi-Fi and Bluetooth capabilities. This is the most secure option
• Completely disable Wi-Fi, Bluetooth, and other communication features on the dashcam
• Disable audio recording and, ideally, physically disable the microphone if possible
• Turn off parking mode. This feature keeps the dashcam active at all times to record incidents while the car is parked. However, it drains the car’s battery and, very likely, keeps the Wi-Fi on — significantly increasing the risk of a hack
• Check the available Wi-Fi settings on the dashcam:
  • If there’s an auto-shutoff for Wi-Fi after a certain period, set it to the shortest time possible
  • If you can change the default Wi-Fi password or network name (SSID), be sure to do so
  • If there’s an option to hide the network name (often referred to as Hidden SSID, Wi-Fi Broadcast Off, or Stealth Mode), enable it
• Regularly update your dashcam firmware and its paired smartphone app. This increases the chances that vulnerabilities — like those described in this article — will be patched when you install a newer version.

Modern cars are susceptible to other types of cyberattacks too:

• Highway to… hacked: cyberthreats to connected cars
• Car hacking via Bluetooth
• How millions of Kia cars could be tracked
• I know how you drove last summer
• Spies on wheels: how carmakers collect and then resell information

Kaspersky official blog – ​Read More