Millions of Vehicles at Risk: API Vulnerabilities Uncovered in 16 Major Car Brands

Car hacking... one of my favorite topics from an interest viewpoint, but obviously not a good thing when it happens in the wild. The first time I saw just how huge of an issue car hacking could be was watching the famous DEFCON Charlie Miller & Chris Valasek talk. If you haven’t seen this, look it up and watch. They demonstrated how they could remotely locate impacted vehicles and do anything from shutting off the brakes to changing the dashboard display. Luckily, they are the good guys and first worked with the impacted manufacturers to have things fixed before publishing the research.

Fast forward to today and once again there is news of another huge vulnerability allowing threat actors to send commands to internal systems. The details for this article from Hacker News can be found HERE. Once again, the impacted manufacturers have been notified and associated vulnerabilities have been patched. According to the researchers, “If an attacker were able to find vulnerabilities in the API endpoints that vehicle telematics systems used, they could honk the horn, flash the lights, remotely track, lock/unlock, and start/stop vehicles, completely remotely.”

Let’s hope the wrong parties don’t discover something like this in the future and start causing chaos on the roads.
