Welcome, Guest: Register On Nairaland / LOGIN! / Trending / Recent / NewStats: 3,195,024 members, 7,956,793 topics. Date: Monday, 23 September 2024 at 07:09 PM |
Nairaland Forum / Nairaland / General / Car Talk / Vulnerability In Smart Alarm System - Left 3 Million Vehicles At Risk. (859 Views)
Toyota Recalling 1.8 Million Vehicles Because Fuel Pumps Can Fail / Honda Recalls 1.1 Million Vehicles For Second Time Over Takata Airbag Issues / Nissan Has Built 150 Million Vehicles Since 1933 (2) (3) (4)
(1) (Reply)
Vulnerability In Smart Alarm System - Left 3 Million Vehicles At Risk. by Hexilon: 12:49pm On Mar 08, 2019 |
White hat hackers at Pen Test Partners were able to exploit critical vulnerabilities in popular ‘smart’ car alarm apps and unlock vehicles, listen in on driver conversations and even kill the engine whilst running. Ken Munro, the founder of Pen Test Partners, explains that an advert by one of the vendors concerned and stating the system was unhackable had piqued interest initially. That’s never a great claim to make as any security expert will tell you that there is no such thing as being 100% secure. They invested nearly £4,000 ($5,000) in high-end smart car alarms systems in order to put them to the test. The systems, built by Russian alarm maker Pandora and California-based Viper — or Clifford in the U.K., were vulnerable to an easily manipulated server-side API, according to researchers at Pen Test Partners, a U.K. cybersecurity company. In their findings, the API could be abused to take control of an alarm system’s user account — and their vehicle. It’s because the vulnerable alarm systems could be tricked into resetting an account password because the API was failing to check if it was an authorized request, allowing the researchers to log in. Although the researchers bought alarms to test, they said “anyone” could create a user account to access any genuine account or extract all the companies’ user data. In one example demonstrating the hack, the researchers geolocated a target vehicle, track it in real-time, follow it, remotely kill the engine and force the car to stop, and unlock the doors. The researchers said it was “trivially easy” to hijack a vulnerable vehicle. Worse, it was possible to identify some car models, making targeted hijacks or high-end vehicles even easier. https://www.youtube.com/watch?v=aZUQmJMuf8c Amongst the vehicles that could be at risk from this particular vulnerability according to Munro are Mazda 6, Range Rover Sport, Kia Quoris, Toyota Fortuner, Mitsubishi Pajero, Toyota Prius 50 and RAV4. https://techcrunch.com/2019/03/07/car-alarms-flaw-hijack/amp/?__twitter_impression=true https://www.forbes.com/sites/daveywinder/2019/03/08/hackers-find-critical-flaws-in-smart-car-alarm-apps-what-drivers-need-to-know/amp/ |
(1) (Reply)
The New Mercedes-Benz CLA Coupé: A Trendsetter (pictures) / Meet Top Nigeria Woman With Their Private Jet Https://youtu.be/jdbjomgyvbs / Can Someone Get A Car Directly From Warehouse?
(Go Up)
Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health religion celebs tv-movies music-radio literature webmasters programming techmarket Links: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10) Nairaland - Copyright © 2005 - 2024 Oluwaseun Osewa. All rights reserved. See How To Advertise. 10 |