Security flaws in top luxury cars allow data theft and jump-start cars

Top luxury cars, including Mercedes and Ferrari, are said to have major security flaws. These flaws could potentially lead to data theft and could also be used to unlock and start cars without the owner’s knowledge. TechRadar reported that nearly two dozen car brands are affected. These brands include BMW, Rolls-Royce, Mercedes-Benz, Ferrari, Porsche, Jaguar, Land Rover, Ford, KIA, Honda, Infiniti, Nissan, Acura, Hyundai, Toyota and Genesis.

Hackers can unlock, start and track BMW, Rolls-Royce, Mercedes-Benz, Ferrari and other cars, according to researchers

Also affected, besides the automakers, were automotive technology makers Spireon and Reviver, as well as streaming service provider SiriusXM. The flaws were discovered by cybersecurity researcher Sam Curry, who has a history of discovering security flaws in connected cars. In early December 2022, he discovered a flaw in SiriusXM that allowed threat actors to gain access to connected vehicles.

Different manufacturers had different vulnerabilities. BMW and Mercedes-Benz had flawed single sign-on (SSO) implementations that allowed threat actors to gain access to internal systems, giving them access to GitHub instances, private chats, servers, AWS instances, and more. With BMW, potential attackers could have gained access to internal dealer portals, vehicle identification numbers (VINs), and sales documents with sensitive owner details.

Other than the two car manufacturers, the owners of KIA, Honda, Infiniti, Nissan, Acura, Mercedes-Benz, Hyundai, Genesis, BMW, Rolls-Royce, Ferrari, Ford, Porsche and Toyota cars could have had their personally identifiable information (PII) leaked.

Other car manufacturers

Ferrari was also heavily affected, as the SSO flaw allowed threat actors to access, modify or delete any Ferrari customer account. They could even have set themselves up as car owners. With Porsche, flaws in the telematics systems allowed the threat actors to pinpoint the exact location of the cars, and even send commands to the vehicles.

All the affected suppliers were notified of the findings and have since fixed the flaws. GPS vehicle tracking provider Spireon, reportedly used in more than 15 million vehicles, had a flaw that, among other things, allowed threat actors to unlock the cars, start the engine or disable the starter.

To protect against such flaws in the future, researchers suggest that vehicle owners store as little personal information in vehicles and mobile apps as possible, and possibly use a different postal ID for personal use than the one used for vehicles, just to be careful.

Car manufacturers, however, are working to prevent such cases. These flaws need to be ironed out, especially if automakers move toward autonomous vehicles. If technical flaws can already unlock doors, a car should not end up driving on its own under someone else’s control.
