Researchers hack Ferraris, Rolls-Royces and other luxury vehicles
Hackers were able to access real-time GPS data in some cases, and remotely start and stop a vehicle in others
of Sebastian Bell
7 January 2023 at 14:29
of Sebastian Bell
A wide variety of car manufacturers were alerted to major cyber security flaws in their vehicles by white hat hackers. The researchers discovered late last year that they could find owners’ personal information, find live GPS data and even start and stop some vehicles remotely.
The hackers exposed these weaknesses to the automakers (and others), all of whom have responded and tried to fix the security flaws. The hackers, led by Sam Curry, have now written up their findings in a blog post.
They found vulnerabilities of varying degrees in vehicles from Hyundai, Genesis, Kia, Honda, Infiniti, Nissan, Acura, Mercedes, BMW, Rolls-Royce, Ferrari, Ford, Porsche, Toyota and Jaguar Land Rover. In addition, companies such as Reviver, which produce digital license plates, were found to have issues with cyber security.
Read: Hackers Can Remotely Unlock, Start Honda, Nissan, Infiniti and Acura Cars Through SiriusXM
These ranged from the ability to access “mission-critical internal applications”, in the case of Mercedes, to being able to remotely lock and unlock a vehicle, start and stop engines, flash headlights, honk horns and more in Hyundai and Genesis vehicles.
In Ferraris, meanwhile, the hackers were able to access customer records, change Ferrari-owned websites and take over customer accounts. That meant hackers could gain access to personal information, such as addresses and more.
ad scroll to continue
Alarmingly, the hackers were able to find live Porsche vehicle locations, send commands to those vehicles and retrieve customer information. Similarly, Reviver, the makers of digital license plates, could also be hacked to give up GPS data and user records. The researchers could even have marked vehicles with these plates as stolen, risking being treated as thieves by the police.
Although all the vulnerabilities found by these hackers have been patched by the car manufacturers, their existence highlights the security holes found in many modern cars. Speaking to BleepingComputer, Curry had the following advice for owners:
“When buying a used car, make sure the previous owner’s account is removed,” Curry said. “Use strong passwords and set up 2FA (two-factor authentication) if possible for apps and services that connect to your vehicle.”
