SiriusXM Vulnerability Lets Hackers Remotely Unlock and Start Connected Cars

December 5, 2022

Cybersecurity researchers have found a security vulnerability that exposes cars from Honda, Nissan, Infiniti, and Acura to remote attacks through a connected vehicle service provided by SiriusXM.

The issue could be exploited to unlock, start, locate, and honk any car in an unauthorized manner just by knowing the vehicle's vehicle identification number (VIN), researcher Sam Curry said in a Twitter thread last week.

SiriusXM's Connected Vehicles (CV) Services are said to be used by more than 10 million vehicles in North America, including Acura, BMW, Honda, Hyundai, Infiniti, Jaguar, Land Rover, Lexus, Nissan, Subaru, and Toyota.


The system is designed to enable a wide range of safety, security, and convenience services such as automatic crash notification, enhanced roadside assistance, remote door unlock, remote engine start, stolen vehicle recovery assistance, turn-by-turn navigation, and integration with smart home devices, among others.

The vulnerability relates to an authorization flaw in a telematics program that made it possible to retrieve a victim's personal details as well as execute commands on the vehicles by sending a specially crafted HTTP request containing the VIN to a SiriusXM endpoint ("telematics.net").


In a related development, Curry also detailed a separate vulnerability affecting Hyundai and Genesis cars that could be abused to remotely control the locks, engines, headlights, and trunks of vehicles made after 2012 by using the registered email addresses.

By reverse engineering the MyHyundai and MyGenesis apps and inspecting the API traffic, the researchers found a way to get around the email validation step and seize control of a target car's functions remotely.

"By adding a CRLF character at the end of an already existing victim email address during registration, we could create an account which bypassed the JWT and email parameter comparison check," Curry explained.

SiriusXM and Hyundai have since rolled out patches to address the flaws.
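The registration flaw described above comes down to identity strings being compared without first rejecting control characters. The following is an added example, not code from Hyundai, SiriusXM or the researchers: the account store, the function names and the email pattern are assumptions, and it contrasts a raw-string uniqueness check with a validate-then-compare form.

```python
import re

# Constructed sample data: one existing account in a hypothetical user store.
EXISTING = {"victim@example.com"}

# Strict allow-list (assumed policy): no whitespace or control characters.
# fullmatch() is used on purpose: "$" with match() would tolerate a trailing "\n".
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def naive_register(email, accounts):
    """Weak pattern: uniqueness is checked on the raw string only."""
    if email in accounts:
        return False       # exact duplicate is rejected
    accounts.add(email)    # "victim@example.com\r\n" is stored as a new account
    return True


def canonical_email(email):
    """Return the canonical form, or raise ValueError for anything off-pattern."""
    if not isinstance(email, str) or not EMAIL_RE.fullmatch(email):
        raise ValueError("invalid email")
    return email.lower()


def strict_register(email, accounts):
    """Hardened pattern: validate first, then check uniqueness on the canonical form."""
    canon = canonical_email(email)   # CR, LF and other control characters fail here
    if canon in accounts:
        return False
    accounts.add(canon)
    return True


def authorize(token_email, requested_email):
    """Token identity must equal the requested identity; both must validate."""
    try:
        return canonical_email(token_email) == canonical_email(requested_email)
    except ValueError:
        return False       # fail closed on any malformed identity
```

Keying authorization on an immutable account ID from the token, rather than on an email string supplied in the request, removes the comparison problem entirely.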

The findings come as Sandia National Laboratories summarized a number of known flaws in the infrastructure powering electric vehicle (EV) charging, which could be exploited to skim credit card data, alter pricing, and even hijack an entire EV charger network.

Some sections of this article are sourced from:
thehackernews.com
