Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Your Car

Posted By: AndiV
Date: Monday, 16-Jan-2023 03:51:20

At this point, we started a group chat and all began to work with the goal of finding vulnerabilities affecting the automotive industry. Over the next few months, we found as many car-related vulnerabilities as we could. The following writeup details our work exploring the security of telematic systems, automotive APIs, and the infrastructure that supports it.
Findings Summary

During our engagement, we found the following vulnerabilities in the companies listed below:

Kia, Honda, Infiniti, Nissan, Acura

- Fully remote lock, unlock, engine start, engine stop, precision locate, flash headlights, and honk vehicles using only the VIN number
- Fully remote account takeover and PII disclosure via VIN number (name, phone number, email address, physical address)
- Ability to lock users out of remotely managing their vehicle, change ownership
- For Kia’s specifically, we could remotely access the 360-view camera and view live images from the car

https://samcurry.net/web-hackers-vs-the-auto-industry/

