
Car Hacking Bugs

Updated on 2022-12-04: Researchers find bugs allowing access, remote control of cars

Not a great week for car makers. @samwcyo and team discovered two sets of flaws: one affecting Hyundai and Genesis cars and another affecting Honda, Nissan, Infiniti and Acura vehicles. The bugs allow remote access and control over thousands of cars made after 2012. The Record consolidates the bugs in one place (and more from SecurityWeek, too). The second batch of flaws was particularly interesting because they all involve upstream telematics and broadcasting company SiriusXM, which could allow an attacker to remotely fully manage a vehicle by exploiting the app. That’s because SiriusXM is baked into many modern vehicles. (“So many brands under one roof!” remarked @samwcyo.) Forbes ($) brings this all together by looking at how police can use this broad level of remote access to vehicles’ data to obtain warrants for car data, like location data.

Updated on 2022-12-01

Car hacking #1

Security researchers Sam Curry, Brett Buerhaus, and @_Specters_ have found a vulnerability in the web portal of Hyundai cars that could be used to take over a car owner’s account and remotely control the locks, engine, horn, headlights, and trunk of all vehicles made after 2012. Curry & friends said the vulnerability resided in the fact that both portals did not require users to confirm their email addresses, allowing the researchers to use a malformed email address to access other users’ accounts. The vulnerability also impacted Genesis cars, which is Hyundai’s line of luxury cars sold under its own brand. Hyundai fixed the issue following the researchers’ report.

Car hacking #2

The same trio also found a vulnerability in the SiriusXM app that ships with cars from Honda and Nissan. Curry & friends said the vulnerability could be used to remotely unlock, start, locate, flash, and honk the horn of cars running the vulnerable app. Unlike the first vulnerability, to exploit this one, an attacker would have had to know a targeted car’s VIN number. The same app also ships with cars from BMW, Hyundai, Jaguar, Land Rover, Subaru, and Toyota, although the researchers said they didn’t test these models. SiriusXM has since fixed the vulnerability.

Overview

Researchers from Yuga Labs found that vulnerabilities in mobile apps exposed Genesis and Hyundai car models after 2012 to remote attacks, including unlocking and starting the cars. Read more: Hyundai app bugs allowed hackers to remotely unlock, start cars
