Welcome, Guest: Register On Nairaland / LOGIN! / Trending / Recent / New
Stats: 3,194,411 members, 7,954,629 topics. Date: Saturday, 21 September 2024 at 03:02 AM

Vulnerability In Smart Alarm System - Left 3 Million Vehicles At Risk. - Car Talk - Nairaland

Nairaland Forum / Nairaland / General / Car Talk / Vulnerability In Smart Alarm System - Left 3 Million Vehicles At Risk. (857 Views)

Toyota Recalling 1.8 Million Vehicles Because Fuel Pumps Can Fail / Honda Recalls 1.1 Million Vehicles For Second Time Over Takata Airbag Issues / Nissan Has Built 150 Million Vehicles Since 1933 (2) (3) (4)

(1) (Reply)

Vulnerability In Smart Alarm System - Left 3 Million Vehicles At Risk. by Hexilon: 12:49pm On Mar 08, 2019
White hat hackers at Pen Test Partners were able to exploit critical vulnerabilities in popular ‘smart’ car alarm apps and unlock vehicles, listen in on driver conversations and even kill the engine whilst running.

Ken Munro, the founder of Pen Test Partners, explains that an advert by one of the vendors concerned and stating the system was unhackable had piqued interest initially. That’s never a great claim to make as any security expert will tell you that there is no such thing as being 100% secure.
They invested nearly £4,000 ($5,000) in high-end smart car alarms systems in order to put them to the test. The systems, built by Russian alarm maker Pandora and California-based Viper — or Clifford in the U.K., were vulnerable to an easily manipulated server-side API, according to researchers at Pen Test Partners, a U.K. cybersecurity company. In their findings, the API could be abused to take control of an alarm system’s user account — and their vehicle.

It’s because the vulnerable alarm systems could be tricked into resetting an account password because the API was failing to check if it was an authorized request, allowing the researchers to log in.

Although the researchers bought alarms to test, they said “anyone” could create a user account to access any genuine account or extract all the companies’ user data.
In one example demonstrating the hack, the researchers geolocated a target vehicle, track it in real-time, follow it, remotely kill the engine and force the car to stop, and unlock the doors. The researchers said it was “trivially easy” to hijack a vulnerable vehicle. Worse, it was possible to identify some car models, making targeted hijacks or high-end vehicles even easier.


https://www.youtube.com/watch?v=aZUQmJMuf8c

Amongst the vehicles that could be at risk from this particular vulnerability according to Munro are Mazda 6, Range Rover Sport, Kia Quoris, Toyota Fortuner, Mitsubishi Pajero, Toyota Prius 50 and RAV4.

https://techcrunch.com/2019/03/07/car-alarms-flaw-hijack/amp/?__twitter_impression=true

https://www.forbes.com/sites/daveywinder/2019/03/08/hackers-find-critical-flaws-in-smart-car-alarm-apps-what-drivers-need-to-know/amp/

(1) (Reply)

All 157 Persons On Board Ethiopian Airlines Die In Crash / How Profitable Is Blogging About Automobile In Nigeria? / Advice Needed For Uber/taxify Business

(Go Up)

Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health
religion celebs tv-movies music-radio literature webmasters programming techmarket

Links: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10)

Nairaland - Copyright © 2005 - 2024 Oluwaseun Osewa. All rights reserved. See How To Advertise. 12
Disclaimer: Every Nairaland member is solely responsible for anything that he/she posts or uploads on Nairaland.