Wednesday, February 8, 2023

Sirius XM flaw could have allowed hackers to unlock and start cars remotely

Shreya Christina (https://londonbusinessblog.com)

A vulnerability affecting Sirius XM’s connected vehicle services allows hackers to remotely start, unlock, locate, flash and honk cars. Sam Curry, a security engineer at Yuga Labs, worked with a group of security researchers to discover the flaw and outlined their findings in a thread on Twitter (via Gizmodo).

In addition to offering a satellite radio subscription, Sirius XM also supplies the telematics and infotainment systems used by a number of automakers, including Acura, BMW, Honda, Infiniti, Jaguar, Land Rover, Lexus, Nissan, Subaru and Toyota. These systems collect a ton of information about your car that is easily overlooked – and can potentially have privacy implications. Last year, one report drew attention to a spy company planning to sell the telematics-based location information of more than 15 billion cars to the US government.

While telematics systems obtain data about your car’s GPS location, speed, turn-by-turn navigation and maintenance requirements, certain infotainment settings can track call logs, voice commands, text messages and more. All of this data enables vehicles to provide “smart” features such as automatic crash detection, remote engine start, stolen vehicle alerts, navigation, and the ability to remotely lock or unlock your car. Sirius XM offers all of these features and more, and says more than 12 million vehicles on the road use its connected vehicle systems.

However, as Curry points out, adversaries can exploit this system if proper precautions are not in place. In a statement to Gizmodo, Curry says Sirius XM built “infrastructure around sending/receiving this data and enabled customers to authenticate using some form of mobile app,” such as MyHonda or Nissan Connected. Users can log into their accounts on these apps, which are linked to their vehicle’s VIN number, to perform commands and obtain information about their car.

It’s this system that can give bad guys access to someone’s car, Curry explains, as Sirius XM uses the VIN number associated with someone’s account to pass information and commands between the app and its servers. By creating an HTTP request to retrieve a user’s profile with the VIN, Curry says he was able to retrieve the name, phone number, address and car details of the vehicle’s owner. He then tried to execute commands using the VIN and discovered that he could control the vehicle remotely, allowing him to lock or unlock it, start the car, and perform other functions.
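The authorization gap described above, next to a server-side ownership check, as an added example (not Sirius XM's code and not from the researchers; the data stores, tokens, function names and VIN-like strings are constructed for illustration). A VIN is visible on the vehicle itself, so it can identify a car but cannot serve as proof that the caller owns it.

```python
# Constructed sample data: account/VIN links, profiles and sessions are made up.
OWNERS = {"TESTVIN0000000001": "acct-alice", "TESTVIN0000000002": "acct-bob"}
PROFILES = {
    "TESTVIN0000000001": {"name": "Alice Example", "phone": "555-0100"},
    "TESTVIN0000000002": {"name": "Bob Example", "phone": "555-0101"},
}
SESSIONS = {"token-alice": "acct-alice", "token-bob": "acct-bob"}
ALLOWED_COMMANDS = {"lock", "unlock", "start", "locate"}


class Forbidden(Exception):
    """Raised when the caller is not allowed to act on the requested vehicle."""


def get_profile_vin_only(vin):
    """Flawed pattern: the VIN alone selects the record; the caller is never checked."""
    return PROFILES[vin]


def _authorize(session_token, vin):
    """Resolve the session to an account and require that it owns the VIN."""
    account = SESSIONS.get(session_token)
    if account is None:
        raise Forbidden("not authenticated")
    # Unknown VIN and someone else's VIN get the same answer, so the
    # response cannot be used to test which VINs are enrolled.
    if OWNERS.get(vin) != account:
        raise Forbidden("vehicle not linked to this account")
    return account


def get_profile(session_token, vin):
    """Hardened lookup: owner data is returned only to the linked account."""
    _authorize(session_token, vin)
    return PROFILES[vin]


def send_command(session_token, vin, command):
    """Hardened command path: same ownership check before anything is queued."""
    account = _authorize(session_token, vin)
    if command not in ALLOWED_COMMANDS:
        raise ValueError("unknown command")
    return {"vin": vin, "command": command, "issued_by": account}
```

The same check has to guard every endpoint that accepts a VIN, including the command path, since the article reports that both profile retrieval and vehicle commands were reachable.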

Curry says he notified Sirius XM of the flaw and the company quickly patched it. In a statement to The edge, company spokesperson Lynnsey Ross said the vulnerability was “resolved within 24 hours of the report being filed,” adding that “at no time was a subscriber or other data compromised, nor was an unauthorized account modified using this method.”

Separately, Curry discovered another flaw within the MyHyundai and MyGenesis apps that might also allow hackers to remotely hijack a vehicle, but says he’s been working with the automaker to fix the problem. In a statement shared with The edge by Hyundai spokesperson Ira Gabriel, the company confirmed that “Hyundai worked diligently with outside consultants to investigate the alleged vulnerability as soon as the researchers brought it to our attention.” It also notes that “no customer cars or accounts – for both Hyundai and Genesis – were used by others as a result of the issues raised by the investigators”, clarifying that its vehicles were not affected by the Sirius XM vulnerability.

White hat hackers have found similar exploits in the past. In 2015, a security researcher discovered an OnStar hack that allowed attackers to remotely locate a vehicle, unlock the doors, or start the car. Around the same time, a report from Wired showed how a Jeep Cherokee can be hacked and controlled remotely with someone at the wheel.

Update December 3, 5:48 PM ET: Updated to add statement from Sirius XM and Hyundai.

