Millions of Vehicles at Risk: API Vulnerabilities Uncovered in 16 Major Car Brands

Sat, 14 Jan 2023 22:03:00 Dan

Millions of Vehicles at Risk: API Vulnerabilities Uncovered in 16 Major Car Brands

Multiple bugs affecting millions of vehicles from 16 different manufacturers could be abused to unlock, start, and track cars, plus impact the privacy of car owners.

The #security #vulnerabilities were found in the automotive APIs powering #Acura, #BMW, #Ferrari, #Ford, #Genesis, #Honda, #Hyundai, #Infiniti, #Jaguar, #Kia, #LandRover, #Mercedes Benz, #Nissan, #Porsche, #RollsRoyce, #Toyota as well as in software from #Reviver, #SiriusXM, and #Spireon.

The #flaws run a wide gamut, ranging from those that give access to internal company systems and user information to weaknesses that would allow an attacker to remotely send commands to achieve code execution.

The research builds on earlier findings from late last year, when Yuga Labs researcher Sam Curry et al detailed security flaws in a connected vehicle service provided by SiriusXM that could potentially put cars at risk of remote attacks.

More at https://thehackernews.com/2023/01/millions-of-vehicles-at-risk-api.html

About the author

Dan

Dan

 

I'm a long-time user and enthusiast of open source software and espouse the philosophy that software code should be open (readable). So that everyone can see what happens behind the scenes while we use our electronic devices every day.