Researchers demonstrated that smart buses, the transportation vehicles that incorporate various systems to improve safety, efficiency, and passenger experience, can be remotely hacked.The findings were described on Friday at the DEF CON hacker convention by Chiao-Lin Steven Meow Yu of Trend Micro Taiwan and Kai-Ching Keniver Wang of CHT Security, a Taiwan-based MSSP.The researchers started digging into the cybersecurity of smart buses after noticing that free Wi-Fi was available for passengers.An analysis showed that the same machine-to-machine (M2M) router was used both to provide free Wi-Fi to passengers and for in-vehicle systems used for Advanced Public Transportation Services (APTS) and Advanced Driver Assistance Systems (ADAS).The ADAS uses sensors, cameras, radar and LiDAR to assist drivers and prevent accidents. Its capabilities include collision warning, lane departure warning, speed limit indicator, and traffic sign recognition, as well as passenger and driver monitoring for safety purposes.APTS consists of various components meant to increase the efficiency of public transport systems, such as GPS devices that provide an accurate location of the bus, interfaces for passengers and operators, route and schedule services, and panels installed at bus stops all managed through a central system.The researchers were able to easily bypass the on-board routers authentication and gained access to its administration interface. Since there was no network segmentation, they were then able to move to APTS and ADAS functionality.The experts discovered several vulnerabilities in these systems, including command injections and an MQTT backdoor that enabled remote access to the bus.Ultimately, Yu and Wang determined that a hacker could find vulnerable buses on the internet and launch remote attacks.Once an attacker understands the protocol via packet analysis or similar methods, it is possible to perform attacks from the internet without needing to be physically present on the bus, Yu toldSecurityWeek.They demonstrated various scenarios, including how hackers could track the exact location of a bus or access the onboard camera, which is protected by easy-to-guess default passwords.According to the researchers, through these vulnerabilities hackers could manipulate on-board displays, steal passenger and driver information, and even access the transportation companys servers.The protocols in use (at least in Taiwan) do not implement any encryption or authentication, even by industry standards, Yu explained. This means if an attacker is able to conduct MITM (Man-In-The-Middle) attacks, they can directly modify or forge the content.The researchers found that an attacker can connect to the buss systems and obtain information such as GPS location, engine speed (RPM), and the vehicles average speed.This data can be manipulated and the experts described several theoretical real-world attack scenarios. For instance, an attacker could change a vehicles GPS location, which would result in emergency response being delayed in case of an accident. A hacker can also falsify the RPM data to hide real mechanical problems or create spurious ones in an effort to cause disruption.Attackers can also falsify driver and vehicle state data to trigger false emergency or accident alerts. They could also set a false out of service status to disrupt bus schedules and operations.The research was conducted on buses in Taiwan, but Yu toldSecurityWeek that the vulnerable systems may be used in other countries as well, based on the fact that the vendor offers language options for Chinese, English, Japanese and Vietnamese.The researchers said they attempted to responsibly disclose their findings to affected vendors, including the maker of the router, US-based BEC Technologies, and the firm that provides intelligent transportation solutions for buses in Taiwan, Maxwin. However, they received no response and the vulnerabilities appear to remain unpatched.

CHT Security is recognized for innovation, operational excellence, and customer-centric strategies that safeguard Taiwans digital infrastructure.San Antonio, TX 29th July, 2025 Frost Sullivan is pleased to announce thatCHT Security Co., Ltd. has received the 2025 Taiwan Company of the Year Recognition in the cybersecurity services industry for its outstanding achievements in innovation, strategy execution, and client impact. This recognition highlights CHT Securitys consistent leadership in delivering scalable, end-to-end cybersecurity solutions that enhance national cyber defense and enterprise digital resilience.CHT Security excels in its unique ability to align its cybersecurity strategy with market demand with speed, precision, and scale. Frost Sullivan recognizes CHT Securitys full-service model, proprietary innovation, and commitment to underserved markets as a strategic approach that positions the company for long-term growth and relevance, said Vivien Pua, senior industry analyst at Frost Sullivan.Backed by the infrastructure of Chunghwa Telecom, Taiwans largest telecom provider, CHT Security has scaled rapidly by leveraging in-house innovation, cloud-based intelligence platforms, and AI-enhanced threat detection. Its long-term strategy integrates ESG principles, global certifications, and localized partnerships, ensuring service relevance across both high-impact sectors and underserved SMB segments in Taiwan and beyond.The companys innovation pipeline is anchored by platforms such as CypherCom, a hardware-based encryption solution that strengthens endpoint protection by isolating critical processes from compromised systems. Similarly, SecuTex ED and HorusEyes deliver real-time threat detection and scalable protection, bringing enterprise-grade cybersecurity within reach for smaller organizations. Our mission is to make advanced cybersecurity not only powerful, but also practical and accessible so that every organization, regardless of size, can protect what matters most. saidJeff Hung,General Managerat CHT Security.CHT Securitys customer-first mindset is evident in its 24/7 multilingual support, biannual client feedback loops, and rapid on-site assistance. The companys focus on professionalism is underscored by rigorous internal assessments, government-aligned certifications, and a strong emphasis on staff training. This structured, responsive approach has fostered exceptional client loyalty, positioning CHT Security as a go-to provider for Taiwans most sensitive public and private institutions.Frost Sullivan commends CHT Security for setting a new benchmark in Taiwans cybersecurity sector. From its strategic clarity and local responsiveness to its relentless focus on innovation, the company exemplifies what it means to lead with purpose and deliver with precision.Each year, Frost Sullivan presents a Company of the Year recognition to the organization that demonstrates excellence in terms of growth strategy and implementation in its field. This recognizes a high degree of innovation with products and technologies, and the resulting leadership in terms of customer value and market penetration.Frost Sullivan Best Practices recognitions spotlight companies across global markets that demonstrate superior leadership, technological innovation, customer service, and strategic product development. Our research and evaluation methodology includes comprehensive interviews, analysis, and benchmarking to identify industry leaders setting the standard for excellence.

Join Us at COMPUTEX Taipei 2025!Booth I1110 | 1F, Hall 1, Taipei Nangang Exhibition CenterMay 2023, 2025CHT Security is excited to showcase our full lineup of cutting-edge cybersecurity products and services at one of the worlds largest tech events COMPUTEX Taipei 2025.Whether youre looking to strengthen your network defense, enhance endpoint protection, or explore secure communication solutions, our experts will be onsite to guide you through the technologies shaping the future of cybersecurity.Discover. Connect. Protect.See how CHT Security is safeguarding digital infrastructure across industries.Mark your calendar and stop by Booth I1110!

Come Visit CHT Security at CYBERSEC2025!!Well showcase the cutting-edge cybersecurity solutions, including:SOC/MDR monitoring: the integration of SOC, MDR and SOAR for defense in-depth incident responseHorusEyes: the continuous threat exposure managementSecuTex NP/ED: protect enterprises from both gateway endpointCypherCom: hardware-based end-to-end communication system

Radware (NASDAQ: RDWR), a global leader in application security and delivery solutions for multi-cloud environments, today announced it signed a managed security service provider (MSSP) agreement with CHT Security (stock code: 7765). The new agreement represents an expansion of an existing relationship. CHT Security, one of Taiwans leading MSSPs, is a subsidiary and security arm of Chunghwa Telecom Co., Ltd., the largest telco in the country.CHT Security is leveraging Radwares AI-powered Cloud Application Protection Services to further enhance its product portfolio and offer customers across Taiwan state-of-the-art application security. CHT Security also uses Radwares on-prem DefensePro DDoS Protection to defend its customers against cyber attacks.The agreement comes at a time when the frequency and intensity of cyber attacks is increasing in the region. According to a Radware threat advisory, Pro-Russian hacktivist groups, including NoName057(16), RipperSec, and the Cyber Army of Russia, launched a series of DDoS attacks against more than 50 targets in Taiwan, including government sites, airports, and financial services organizations. In addition, the rapid development of network technology and continuous software and hardware updates are creating security gaps for enterprise websites and applications, leaving them vulnerable to zero-day attacks and exposing them to the risk of hacker extortion and data leakage.To address their application security needs, Radwares Cloud Application Protection Service offers organizations a one-stop shop that includes an industry-leading web application firewall (WAF), bot detection and management, API protection, client-side protection, and application-layer DDoS protection. Combining end-to-end automation, AI-powered algorithms, behavioral-based detection, and 24/7 managed services, the solution defends against 150+ known attack vectors. This includes the OWASPs Top 10 Web Application Security Risks, Top 10 API Security Vulnerabilities, and Top 21 Automated Threats to Web Applications.We are looking forward to partnering with Radware to expand our product offering and engage with customers at an even higher level of service, said Jeff Hung, general manager from CHT Security. Combined with CHT Securitys rich practical experience and 24X7 expert SOC team, we can provide our customers with multi-layered defense services against todays most sophisticated threats.Today, CHT Security offers cybersecurity services to more than 300 large-sized enterprises, more than 40,000 small and medium-sized enterprises, and a million individual and household clients. The companys clientele includes government agencies, financial institutions, high-tech companies, healthcare, retail, and critical infrastructure sectors.We are excited to expand our long-standing relationship with CHT Security, said Yaniv Hoffman, Radwares vice president of sales in APAC. It is becoming increasingly difficult for already short-staffed security teams to defend against a threat landscape that is constantly evolving with more frequent and complex attacks. Through our joint efforts, we can not only help organizations solve these challenges and increase the security around their critical assets, but also create a win-win for the Taiwan market.Radware has received numerous awards for its solutions. Industry analysts such as Aite-Novarica Group, Forrester Research, Gartner, GigaOm, IDC, KuppingerCole, and Quadrant Knowledge Solutions continue to recognize Radware as a market leader in cyber security.About CHT SecurityCHT Security (TWSE: 7765) is a specialized cybersecurity subsidiary of Chunghwa Telecom, the largest telco, ISP, and one of the most trustworthy ICT companies in Taiwan. Being the leading Managed Security Service Provider (MSSP) in Taiwan, CHT Security delivers comprehensive cyber security services. CHT Security holds ISO 27001, ISO 27701, ISO 20000, ISO 17025 and IEC 62443 CBTL . CHT Security provides telco-centric network security and comprehensive cyber security services to almost every segment, including government, critical infrastructure, finance, manufacturer, healthcare, enterprise and even consumer.

Happy New Year to all of you! Wish you a promising 2025.

CHT Security (TWSE: 7765) Red Teaming service won the 2024 Cyber Security-Pilot Award on 24th Dec. after winning 2024 Top Penetration Testing Service Provider in APAC. CHT Securitys red team is the only ISO 20000 certified testing team in Taiwan and the only testing team to win top rating for consecutive years in governments annual evaluation. With rich experience and state-of-the-art technologies, CHT Securitys red team service defends enterprises against cyber attacks and starts to deliver services overseas.The red teaming service is that the security experts who hold certified ethical hacker certificates take the role of attackers for enterprises to conduct comprehensive testing such as reconnaissance, vulnerability discovery, exploitation, exfiltration and gain control of critical assets so as to enable enterprises to test their programs capabilities against real-world attack scenarios, consequently improving the overall security posture. Red teaming service is to complement the easily overlooked perimeter defense in penetration testing and the deployment blind spots due to human errors. By adopting intelligence from public information, social networks, supply chains, dark web and combining the expertise of domain knowledge, offensive and defensive techniques and hacking tools, red teaming experts conduct comprehensive intrusion drills on the targets and organizations agreed upon by both parties, including on-premises, cloud, and hybrid cloud environments, while also validating blue teams capabilities for detection and response.Jeff Hung, the general manager of CHT Security, said, Red teaming is the most effective method and means for enterprises to check if their defense deployment is good enough. Being the only ISO 20000 certified red teaming service provider in Taiwan positions us as a premium cybersecurity service provider to our clients. In addition to testing expertise, CHT Security strictly formulates standard procedures, records the process in detail, improves customer communication, consults on customer satisfaction, and provides customers with high-quality red teaming service with professionalism and discipline.CHT Securitys testing service received top-notch grade for consecutive years in governments evaluation by the Executive Yuan. The experts possess years of experience and many international certificates such as OSCP, OSED, OSEP, OSWE, OSWP, CRT, CPSA, CISSP, CSSLP, GWAPT, GPEN, ECSA, LPT and even the first OSCE3 certificate in the country. The red team is renowned for publishing more than 100 CVE zero-day vulnerabilities.CHT Security is a leading MSSP (managed security service provider) in this region with years of experience and expertise. The team holds internation certifications including ISO 27001, ISO 27701, ISO 20000, ISO 17025, and IEC 62443 CBTL. CHT security has won straight A for five consecutive years in governments annual review. Its services span multiple sectors, including finance, manufacturer, high-tech, healthcare, retailer. critical infrastructure, and government institutions. As an A-grade cybersecurity service and solutions provider, CHT Security extends its comprehensive solutions to over three hundred large enterprises, 40,000 SMEs and nearly one million household and mobile consumers.

【Summary】Vulnerability List1st Vulnerability: Local File Inclusion2nd Vulnerability: XSS【Details】1. Local File InclusionDescriptionLack of access control of sensitive files. By manipulating specific parameters, any files on the server could be obtained easily. Sensitive information such as JSP file source code, configuration files, and even binary files might be in dangerous.ImpactWith the product, it might be difficult to maintain the Confidentiality.【Known Affected Software】IDExpert version before 2.7.3.2310302. XSSDescriptionCaused by not sanitizing the input value on the server side. Furthermore, web server combines dangerous strings and real content to render HTML source code.ImpactWith the product, relative client browsers might fall into threats.【Known Affected Software】IDExpert version before 2.7.3.231030CreditsYu-Jen Lai (CHT Security)

CHT Security leads Taiwans cybersecurity industry with game-changing, AI-driven solutions that streamline incident response times and address a broad spectrum of emerging threats.Frost Sullivan recently researched the cybersecurity services industry and, based on its findings, recognizes CHT Security with the 2024 Taiwan Company of the Year Award. CHT Security is Taiwans leading managed security service provider (MSSP), offering superior customer support and innovative AI-powered cybersecurity solutions that seamlessly protect businesses from the latest cyber threats.CHT Security efficiently integrates AI and automation capabilities into its operations, dramatically reducing the time required to detect and mitigate cyber threats. Its services span multiple sectors, including critical infrastructure, healthcare, and finance, and its customer base includes over 300 large enterprises and nearly a million consumers. Additionally, the companys solutions cover all stages of cybersecurity management, from pre-event detection, during-event monitoring and response to post-event digital forensics and recovery. This end-to-end approach, combined with its powerful Security Operations Center (SOC) and Managed Detection and Response (MDR) services, ensures that clients receive proactive and responsive protection tailored to their operational needs.CHT Security also invests heavily in cultivating talent to meet the growing demands of the cybersecurity sector. The company encourages professional development by offering extensive training opportunities and helping employees obtain globally recognized certifications. Through collaborations with universities and ongoing internal training programs, CHT Security ensures it has a highly skilled team ready to tackle complex cybersecurity challenges. This strengthens its internal capabilities and enhances its customers experience.Frost Sullivan acknowledges that CHT Security is well-positioned as a client-centric vanguard in Taiwans cybersecurity services market by merging its SOC with MDR services, capitalizing on AI and automation, and facilitating real-time incident response (IR) and threat detection. The companys all-encompassing offerings meet diverse environments (including IT and OT) dynamic requirements and agilely respond to evolving cyber threats, said Iqra Azam, best practices research analyst at Frost Sullivan.CHT Security is steadily growing in the Taiwanese market and offers first-class cybersecurity solutions to over 900,000 households and mobile subscribers, over 40,000 SMEs, and 300 large enterprises and government institutions.The company implements a customer-first approach to ensure its solutions align with each clients specific needs. CHT Security continuously improves its services by conducting tri-annual satisfaction surveys and closely reviewing feedback. This dedication to addressing customer pain points is reflected in its high retention rates, with over 90% of its clients choosing to continue their partnerships. Furthermore, CHT Security assigns dedicated project managers to each client to guarantee personalized service and rapid response times, enhancing its outstanding brand reputation and reliability.Frost Sullivan opines that CHT Securitys exemplary customer service and steady talent cultivation reinforce its competitive advantage. The company delivers unique benefits and fosters solid stakeholder relationships by leveraging the voice of the customer and investing in skilled professionals, noted Vivien Pua, senior industry analyst at Frost Sullivan.Each year, Frost Sullivan presents a Company of the Year award to the organization that demonstrates excellence in terms of growth strategy and implementation in its field. The award recognizes a high degree of innovation with products and technologies, and the resulting leadership in terms of customer value and market penetration.Frost Sullivan Best Practices awards recognize companies in various regional and global markets for demonstrating outstanding achievement and superior performance in leadership, technological innovation, customer service, and strategic product development. Industry analysts compare market participants and measure performance through in-depth interviews, analyses, and extensive secondary research to identify best practices in the industry.About CHT SecurityCHT Security (TWSE: 7765) is a specialized cybersecurity subsidiary of Chunghwa Telecom, the largest telco and ISP in Taiwan. Being the leading Managed Security Service Provider (MSSP) in Taiwan, CHT Security delivers comprehensive cyber security services. CHT Security provides telco-centric network security and comprehensive cyber security services to almost every segment, including government, critical infrastructure, finance, manufacturer, healthcare, enterprise and even consumer. For more details, visit our official website.For more information please click here.

CHT Security held an investors conference on Tuesday (Aug. 13) announcing it will list on Taiwans OTC market on Aug. 20 with the stock number 7765 and a subscription price of NT$220 (US$6.82) per share, with Yuanta Securities as the lead underwriter.Founded at the end of 2017, CHT Security is a leading cybersecurity professional services provider in Taiwan, with a capital of NT$363 million. Its main business includes network security, professional cybersecurity services, and cybersecurity product sales. Since its establishment, the company has been consistently profitable, with annual revenue and profits growing by 20-30%. It has been honored with the highest 5A rating by the Executive Yuans cybersecurity evaluation for five consecutive years and was recognized by Frost Sullivan as Taiwans best cybersecurity service company for three consecutive years. The current Chairman is Max Chen, and the General Manager is Jeff Hung. The subscription price for the OTC listing is NT$220 per share, with Yuanta Securities Co., Ltd. as the lead underwriter.CHT Security is a cybersecurity professional services subsidiary of Chunghwa Telecom Co., Ltd. (referred to as CHT) and is a leading cybersecurity company in Taiwan. It serves over 300 large enterprises, more than 40,000 small and medium-sized enterprises, and nearly 1 million individual and household clients. Its corporate clientele includes government agencies, financial institutions, high-tech companies, healthcare, retail, and critical infrastructure sectors, with extensive experience in cybersecurity defense and offense. In 2023, CHT Securitys revenue was NT$1.696 billion, with a pre-tax profit of NT$339 million and earnings per share of NT$7.8. For the first half of 2024, revenue reached NT$856 million, with a net profit of NT$193 million and net earnings per share of NT$5.35, reflecting continued revenue and profit growth.CHT Security holds international certifications including ISO 27001, ISO 27701, ISO 20000, ISO 17025, and IEC 62443 CBTL. Its SOC services and in-house products, such as SecuTex NP/ED and CypherCom end-to-end encryption communication system, have won the COMPUTEX Best Choice Award for three consecutive years, demonstrating its professional strength and service quality.Looking ahead, CHT Security will continue to focus on stable growth and expanding its market leadership. The company plans to invest in technology, leverage AI and cloud technologies to enhance cybersecurity for clients, explore new areas such as low-Earth orbit satellites and drones, and innovate for value creation. It will also develop proprietary products to boost international competitiveness, actively explore new markets in Southeast Asia and beyond, and partner with CHTs overseas subsidiaries to serve Taiwanese and international clients, aiming to become a globally recognized cybersecurity brand.CHT Security Co., Ltd. Management Team. Photo provided by CHT SecurityFrom left to right: Tsai Jian Gang, Vice President of CHT Security; Hung Jin Fu, General Manager of CHT Security; Shui-Yi Kuo, Chairman of Chunghwa Telecom; Chen Ming Shi, Chairman of CHT Security; Wen Ya Ru, Vice President of CHT Security; Wang Xin Fu, Vice President of CHT Security.