#1 Trusted Cybersecurity News Platform Followed by 3.45+ million
The Hacker News Logo
Subscribe to Newsletter

car hacking | Breaking Cybersecurity News | The Hacker News

Millions of Vehicles at Risk: API Vulnerabilities Uncovered in 16 Major Car Brands

Millions of Vehicles at Risk: API Vulnerabilities Uncovered in 16 Major Car Brands

Jan 09, 2023 Automotive Security
Multiple bugs affecting millions of vehicles from 16 different manufacturers could be abused to unlock, start, and track cars, plus impact the privacy of car owners. The  security vulnerabilities  were found in the automotive APIs powering Acura, BMW, Ferrari, Ford, Genesis, Honda, Hyundai, Infiniti, Jaguar, Kia, Land Rover, Mercedes-Benz, Nissan, Porsche, Rolls Royce, Toyota as well as in software from Reviver, SiriusXM, and Spireon. The flaws run a wide gamut, ranging from those that give access to internal company systems and user information to weaknesses that would allow an attacker to remotely send commands to achieve code execution. The research builds on earlier findings from late last year, when Yuga Labs researcher Sam Curry et al  detailed  security flaws in a connected vehicle service provided by SiriusXM that could potentially put cars at risk of remote attacks. The most serious of the issues, which concern Spireon's telematics solution, could have been exploited
SiriusXM Vulnerability Lets Hackers Remotely Unlock and Start Connected Cars

SiriusXM Vulnerability Lets Hackers Remotely Unlock and Start Connected Cars

Dec 05, 2022 Vehicle Security / Internet of Things
Cybersecurity researchers have discovered a security vulnerability that exposes cars from Honda, Nissan, Infiniti, and Acura to remote attacks through a connected vehicle service provided by SiriusXM. The issue could be exploited to unlock, start, locate, and honk any car in an unauthorized manner just by knowing the vehicle's vehicle identification number (VIN), researcher Sam Curry said in a  Twitter thread  last week. SiriusXM's Connected Vehicles (CV) Services are  said  to be used by more than 10 million vehicles in North America, including Acura, BMW, Honda, Hyundai, Infiniti, Jaguar, Land Rover, Lexus, Nissan, Subaru, and Toyota. The system is  designed  to enable a wide range of safety, security, and convenience services such as automatic crash notification, enhanced roadside assistance, remote door unlock, remote engine start, stolen vehicle recovery assistance, turn-by-turn navigation, and integration with smart home devices, among others. The vulnerability rela
Unpatched GPS Tracker Bugs Could Let Attackers Disrupt Vehicles Remotely

Unpatched GPS Tracker Bugs Could Let Attackers Disrupt Vehicles Remotely

Jul 20, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a handful of unpatched security vulnerabilities in  MiCODUS MV720  Global Positioning System (GPS) trackers outfitted in over 1.5 million vehicles that could lead to remote disruption of critical operations. "Successful exploitation of these vulnerabilities may allow a remote actor to exploit access and gain control of the global positioning system tracker," CISA  said . "These vulnerabilities could impact access to a vehicle fuel supply, vehicle control, or allow locational surveillance of vehicles in which the device is installed." Available on sale for $20 and manufactured by the China-based MiCODUS, the company's tracking devices are employed by major organizations in 169 countries spanning aerospace, energy, engineering, government, manufacturing, nuclear power plant, and shipping sectors. The top countries with the most users include Chile, Australia, Mexico, Ukraine, Russi
Tesla Model S Hack Could Let Thieves Clone Key Fobs to Steal Cars

Tesla Model S Hack Could Let Thieves Clone Key Fobs to Steal Cars

Sep 12, 2018
Despite having proper security measures in place to protect the driving systems of its cars against cyber attacks, a team of security researchers discovered a way to remotely hack a Tesla Model S luxury sedans in less than two seconds. Yes, you heard that right. A team of researchers from the Computer Security and Industrial Cryptography (COSIC) group of the Department of Electrical Engineering at the KU Leuven University in Belgium has demonstrated how it break the encryption used in Tesla's Model S wireless key fob. With $600 in radio and computing equipment that wirelessly read signals from a nearby Tesla owner's fob, the team was able to clone the key fob of Tesla's Model S, open the doors and drive away the electric sports car without a trace, according to Wired . "Today it's very easy for us to clone these key fobs in a matter of seconds," Lennert Wouters, one of the KU Leuven researchers, told Wired. "We can completely impersonate the key fob
Passwords For 540,000 Car Tracking Devices Leaked Online

Passwords For 540,000 Car Tracking Devices Leaked Online

Sep 22, 2017
Another day, another news about a data breach, though this is something disconcerting. Login credentials of more than half a million records belonging to vehicle tracking device company SVR Tracking have leaked online, potentially exposing the personal data and vehicle details of drivers and businesses using its service. Just two days ago, Viacom was found exposing the keys to its kingdom on an unsecured Amazon S3 server, and this data breach is yet another example of storing sensitive data on a misconfigured cloud server. The Kromtech Security Center was first to discover a wide-open, public-facing misconfigured Amazon Web Server (AWS) S3 cloud storage bucket containing a cache belonging to SVR that was left publicly accessible for an unknown period. Stands for Stolen Vehicle Records, the SVR Tracking service allows its customers to track their vehicles in real time by attaching a physical tracking device to vehicles in a discreet location, so their customers can monitor
Unpatchable Flaw in Modern Cars Allows Hackers to Disable Safety Features

Unpatchable Flaw in Modern Cars Allows Hackers to Disable Safety Features

Aug 17, 2017
Today, many automobiles companies are offering vehicles that run on the mostly drive-by-wire system, which means a majority of car's functions—from instrument cluster to steering, brakes, and accelerator—are electronically controlled. No doubt these auto-control systems make your driving experience much better, but at the same time, they also increase the risk of getting hacked. Car Hacking is a hot topic, though it is not new for security researchers who hack cars. A few of them have already demonstrated how to hijack a car remotely , how to disable car's crucial functions like airbags, and even how to remotely steal cars . Now, security researchers have discovered a new hacking trick that can allow attackers to disable airbags and other safety systems of the connected cars, affecting a large number of vendors and vehicle models. A team of researchers from Trend Micro's Forward-looking Threat Research (FTR) team, in collaboration with Politecnico di Milano and
Hackers take Remote Control of Tesla's Brakes and Door locks from 12 Miles Away

Hackers take Remote Control of Tesla's Brakes and Door locks from 12 Miles Away

Sep 20, 2016
Next time when you find yourself hooked up behind the wheel, make sure your car is actually in your control. Hackers can remotely hijack your car and even control its brakes from 12 miles away. Car hacking is a hot topic. Today many automobiles companies have been offering vehicles with the majority of functions electronically controlled, from instrument cluster to steering, brakes, and accelerator. These auto-control electronic systems not only improve your driving experience but at the same time also increase the risk of getting hacked. The most recent car hacking has been performed on Tesla Model S by a team of security researchers from Keen Security Lab, demonstrating how they were able to hijack the Tesla car by exploiting multiple flaws in the latest models running the most recent software. The team said the hacks worked on multiple models of Tesla and believed they would work across all marques. "We have discovered multiple security vulnerabilities and suc
Car Thieves Can Unlock 100 Million Volkswagens With A Simple Wireless Hack

Car Thieves Can Unlock 100 Million Volkswagens With A Simple Wireless Hack

Aug 11, 2016
In Brief Some 100 Million cars made by Volkswagen are vulnerable to a key cloning attack that could allow thieves to unlock the doors of most popular cars remotely through a wireless signal, according to new research. Next time when you leave your car in a parking lot, make sure you don't leave your valuables in it, especially if it's a Volkswagen. What's more worrisome? The new attack applies to practically every car Volkswagen has sold since 1995. There are two distinct vulnerabilities present in almost every car sold by Volkswagen group after 1995, including models from Audi, Skoda, Fiat, Citroen, Ford and Peugeot. Computer scientists from the University of Birmingham and the German engineering firm Kasper & Oswald plan to present their research [ PDF ] later this week at the Usenix security conference in Austin, Texas. Attack 1 — Using Arduino-based RF Transceiver (Cost $40) The first attack can be carried out using a cheap radio device that can
Flaw Allows Attackers to Remotely Tamper with BMW's In-Car Infotainment System

Flaw Allows Attackers to Remotely Tamper with BMW's In-Car Infotainment System

Jul 07, 2016
The Internet of things or connected devices are the next big concerns, as more Internet connectivity means more access points which mean more opportunities for hackers. When it comes to the threat to Internet of Things, Car Hacking is a hot topic. Since many automobiles companies are offering cars that run mostly on the drive-by-wire system, a majority of functions are electronically controlled, like instrument cluster, steering, brakes, and accelerator. No doubt these auto-control systems in vehicles improve your driving experience, but at the same time increase the risk of getting hacked. Recently, security researcher Benjamin Kunz Mejri  have disclosed zero-day vulnerabilities that reside the official BMW web domain and ConnectedDrive portal and the worst part: the vulnerabilities remain unpatched and open for hackers. Benjamin from Vulnerability-Labs has discovered both the vulnerabilities. The first one is a VIN ( Vehicle Identification Number ) session vulnerabil
Mitsubishi Outlander Car's Theft Alarm Hacked through Wi-Fi

Mitsubishi Outlander Car's Theft Alarm Hacked through Wi-Fi

Jun 06, 2016
From GPS system to satellite radio to wireless locks, today vehicles are more connected to networks than ever, and so they are more hackable than ever. It is not new for security researchers to hack connected cars . Latest in the series of hackable connected cars is the Mitsubishi Outlander plug-in hybrid electric vehicle (PHEV). A security expert has discovered vulnerabilities in the Mitsubishi Outlander's Wi-Fi console that could allow hackers to access the vehicle remotely and turn off car alarms before potentially stealing it. The company has embedded the WiFi module inside the car so that its users can connect with their Mitsubishi mobile app to this WiFi and send commands to the car. Researchers from security penetration testing firm Pen Test Partners discovered that the Mitsubishi Outlander uses a weak WiFi access security key to communicates with the driver's phone. The key to getting into the Wi-Fi can be cracked through a brute force attack (" on a 4 x GPU c
Car Hackers Could Face Life In Prison. That's Insane!

Car Hackers Could Face Life In Prison. That's Insane!

May 02, 2016
Yes, you heard it right. You can now end up your whole life behind bars if you intentionally hack into a vehicle's electronic system or exploit its internal flaws. Car Hacking is a hot topic. Today, many automobiles companies are offering cars that run mostly on the drive-by-wire system, which means the majority of functions are electronically controlled, from instrument cluster to steering, brakes, and accelerator. No doubt these auto-control electronic systems improve your driving experience, but at the same time also increase the risk of getting hacked. Previous research demonstrated hackers capabilities to hijack a car remotely and control its steering, brakes and transmission, and to disable car's crucial functions like airbags by exploiting security bugs affecting significant automobiles. Messing with Cars can Cost You Keeping these risks in mind, the Michigan state Senate has proposed two bills which, if passed into law, will introduce life sentences i
Watch the World's First Mind-Controlled Car in Action

Watch the World's First Mind-Controlled Car in Action

Dec 09, 2015
When automobiles giant like Nissan, Toyota and Tesla are focusing on self-driving smart cars, Chinese researchers have taken the future of automotive car driving technology to the level that's beyond your imaginations. Chinese researchers have built what they claim is the World's First Mind-Controlled Car — that uses nothing but human's brain power to drive. Isn't that sound like a piece of some Sci-Fi movies? But it's true. World's First Mind-Controlled Car The team of researchers from Nankai University, in the north-east port city of Tianjin, has designed a brain signal-reading headgear instrument that allows a driver to: Drive forward Drive backwards Come to a Stop Both Lock and Unlock the vehicle ...all without using his/her hands or feet. The team has spent almost two years bringing the mind-controlled car to the reality. How Does the Mind-Controlled Car Work? Watch in Action Zhang Zhao , one of the project's r
You Can Hack Your Own Car — It's Legal Now

You Can Hack Your Own Car — It's Legal Now

Oct 28, 2015
Yes, you heard right. You can now hack a car by making necessary modifications – but to the car owned by you, not your neighbors. Last year, President Obama passed a bill called 'Unlocking Consumer Choice and Wireless Competition Act,' following which users could unlock their devices – generally those locked under a contract – to use a specific service provider. Also Read:   It's Now Legal to Jailbreak Smart TV, Smartphone Or Tablet . The same year, Electronic Frontier Foundation (EFF) filed a petition with the Librarian of Congress, which has the authority to grant Digital Millennium Copyright Act (DMCA) exemptions , for allowing customers and independent mechanics to repair their vehicles on their own by making necessary modifications. Though many automakers were in opposition to this petition, as they believed by doing so the safety measures of vehicles are going to be at a higher risk. EFF got Success! Yesterday, Library of Congress approve
Hackers Find A Way To Disable Car Airbags System

Hackers Find A Way To Disable Car Airbags System

Oct 24, 2015
Car Hacking is a hot topic today. Today, many automobiles companies are offering vehicles that run on the mostly drive-by-wire system, which means that a majority of car's functions are electronically controlled, from instrument cluster to steering, brakes, and accelerator. No doubt these auto-control systems makes your driving experience better, but at the same time they also increase the risk of getting hacked. Previously researchers demonstrated how hackers can remotely hijack your car to control its steering, brakes and transmission. And Now… According to a team of security researchers, Hackers can successfully disable car's airbags – as well as other functions – by exploiting a zero-day vulnerability in third-party software that is commonly used by car mechanics. The team, including András Szijj and Levente Buttyán of CrySyS Lab, and Zsolt Szalay of Budapest University, demonstrated the hack on an Audi TT car sold by Volkswagen, and said any
These Top 7 Brutal Cyber Attacks Prove 'No One is Immune to Hacking' — Part II

These Top 7 Brutal Cyber Attacks Prove 'No One is Immune to Hacking' — Part II

Sep 08, 2015
In Part I of this  two-part series from The Hacker News , the First Four list of Top Brutal Cyber Attacks shows that whoever you are, Security can never be perfect. As attackers employ innovative hacking techniques and zero-day exploits, the demand for increased threat protection grows. In this article, I have listed another three cyber attacks, as following: #5 Car Hacking Driving a car is a network's game now! ' Everything is hackable ,' but is your car also vulnerable to Hackers ? General Motors' OnStar application and cars like Jeep Cherokee, Cadillac Escalade, Toyota Prius, Dodge Viper, Audi A8 and many more come equipped with more advanced technology features. These cars are now part of the technology very well known as the " Internet of Things ". Recently two Security researchers, Chris Valasek and Charlie Miller demonstrated that Jeep Cherokee could be hacked wirelessly over the internet to hijack its steering, brakes, and transmi
RollJam — $30 Device That Unlocks Almost Any Car And Garage Door

RollJam — $30 Device That Unlocks Almost Any Car And Garage Door

Aug 08, 2015
We have talked a lot about car hacking. Recently researchers even demonstrated how hackers can remotely hijack Jeep Cherokee to control its steering, brakes and transmission. Now, researchers have discovered another type of car hack that can be used to unlock almost every car or garage door. You only need two radios, a microcontroller and a battery, costing barely under $30, to devise what's called RollJam capable to unlock any car or garage at the click of a button, making auto hacking cars so simple that anyone can do it. The recent hack takes advantage of the same vulnerable wireless unlocking technology that is being used by the majority of cars manufacturers. These wireless unlocking systems are Keyless entry systems that enable the car owner to unlock his car just by pressing a button sitting at his workplace remotely ( within a range of 20 metres ). What RollJam does and How? RollJam steals the secret codes, called Rolling Code, that is gene
Car Hacking ? Scary, But Now it’s REALITY!

Car Hacking ? Scary, But Now it's REALITY!

Jul 25, 2015
Next time you find yourself hooked up behind the wheel, make sure that your car is actually in your control. Hackers are now able to break into hundreds of thousands of vehicles on the road. Car hacking is a hot topic today and until now it was performed only while researchers were hard-wired into a car's electrical system. However, the most recent hack performed by two computer hackers, who have spent years developing ways to crack the digital safeguards of Internet-connected vehicles, is rather more Disturbing. Researchers Charlie Miller and Chris Valasek recently demonstrated their abilities to control a Jeep Cherokee remotely from miles away by exploiting the car's entertainment system that was connected to the mobile data network. The duo was able to move laterally into other electronic parts of the vehicle, like the air conditioning, transmission, and even the car's steering controls. 1.4 Million Car Models Vulnerable Not just Jeep Cherokee, but the rest of
Two Million Cars Using Wireless Insurance Dongle Vulnerable to Hacking

Two Million Cars Using Wireless Insurance Dongle Vulnerable to Hacking

Jan 21, 2015
2015 will be a year more smarter than 2014 with smarter mobile devices, smarter home appliances, and yes Smarter Automobiles. Nowadays, there are a number of automobiles companies offering vehicles that run on a mostly drive-by-wire system, meaning that a majority of the controls are electronically controlled, from instrument cluster to steering, brakes, and accelerator as well. No doubt these systems makes your driving experience better, but at the same time they also increase the risk of getting hacked. According to a recent research, an electronic dongle used to plugged into the on-board diagnostic port of more than two million cars and trucks contains few security weaknesses that makes them vulnerable to wireless attacks, resulting in taking control of the entire vehicle. Since 2008, US-based Progressive Insurance has used the SnapShot device in more than two million vehicles . The little device monitors and tracks users' driving behavior by collecting vehicle location a
More Resources