Volkswagen has implemented client assertion requirements that break Home Assistant's ability to access Volkswagen vehicles, blocking a popular third-party integration used by thousands of smart home users.
The integration, which allows Home Assistant users to monitor and control Volkswagen vehicles through the open-source platform, stopped functioning after Volkswagen introduced stricter authentication mechanisms requiring client assertions.
The change affects the homeassistant-volkswagencarnet integration, a community-maintained project that bridges Volkswagen's API with Home Assistant. Users report the integration no longer authenticates successfully against Volkswagen's servers.
VW has not publicly announced the change or provided details about the new requirements. The stricter authentication appears designed to prevent unauthorized API access and limit integration with non-official platforms.
The issue has gained significant traction in developer communities, with 194 upvotes and 101 comments on Hacker News, indicating widespread impact among the Home Assistant user base. The integration maintainers are investigating workarounds, though the technical barriers may prove difficult to overcome without official support from Volkswagen.
This represents the latest instance of automakers tightening API access to third-party integrations, a trend affecting multiple home automation platforms.
Abbott Laboratories is investigating two separate cybersecurity incidents involving unauthorized access to internal systems and alleged data theft, with attackers reportedly making extortion demands.
A method has emerged allowing Zoom participants to prevent meetings from being recorded without administrator approval. The technique highlights growing concerns about automatic transcription and recording practices.
Canadian cybersecurity firm Magnet Forensics has filed suit against a former contractor accused of sharing trade secrets about an iPhone vulnerability with a competing company.
A vulnerability called HollowByte enables unauthenticated attackers to trigger denial-of-service conditions on OpenSSL servers using a malicious payload of just 11 bytes. The flaw causes severe memory bloat on affected systems.