Several well-known car manufacturers had to fix major security flaws. These allowed hackers to intercept personal information, unlock cars remotely and even start them. BMW, Roll Royce, Mercedes-Benz, Ferrari and Porsche are among the brands affected.
A few weeks ago, ethical hacker Sam Curry reported the existence of a flaw in Honda, Acura, Nissan, Infiniti vehicles. A vulnerability in the SiriusXM telematics platform allowed hackers to access connected vehicles and take control of them remotely. It finally turns out that many other brands were exposed to major security flaws.
Some have been found at Mercedes, Ferrari, Porsche, Jaguar and other renowned manufacturers. They could have allowed malicious individuals to steal owners’ personal information, track their vehicles, and also unlock and start cars remotely. All affected vendors and service providers have been briefed and have since deployed patches.
Read > Tesla: a Bluetooth vulnerability allows them to be opened and started remotely
Thorny flaws on a myriad of luxury cars
In detail, BMW and Mercedes-Benz had a flawed single sign-on feature that allowed hackers to access internal systems. They then had access to GitHub instances, private discussions, servers or AWS instances. On the BMW side, potential attackers could have accessed internal dealer portals, vehicle identification numbers and sales documents, which may contain sensitive owner details (including address).
At Ferrari, the SSO flaw allowed hackers to access, modify or delete any Ferrari customer account. A pirate could even have defined himself as the owner of the car. At Porsche, flaws in the telematics systems made it possible to locate the exact location of cars and even send commands.
The Spireon GPS service, used by 15.5 million vehicles, also had a flaw. This gave pirates the possibility of unlocking the cars and starting the engine. By exploring other API flaws, ethical hackers were finally able to access the personal information of car owners KIA, Honda, Infiniti, Nissan, Acura, Mercedes-Benz, Hyundai, Genesis, BMW, Roll Royce, Ferrari, Fords, Porsches and Toyotas.
