Categories: Tech

Researchers find serious vulnerabilities in cars and emergency vehicles, including BMW, Mercedes, Honda, Nissan, more

A hot potato: Security researchers discovered severe vulnerabilities last fall that would let hackers steal vehicles and customer data from multiple manufacturers. In a new update, one of the researchers writes that the vulnerabilities are more wide-reaching and can even affect law enforcement and emergency services vehicles.

Multiple vulnerabilities could have let attackers remotely track and control police vehicles, ambulances, and consumer vehicles from various manufacturers, according to researcher Sam Curry’s latest report. The update follows a similar notice from November.

The weak point for the emergency services rigs is the website for the company controlling the GPS and Telematics for over 15 million devices, most of them vehicles –Spireon Systems. The researchers described Spireon’s website as outdated and could log into it with an administrator account with some ingenuity.

From there, they could remotely track and control fleets of police vehicles, ambulances, and business vehicles. Attackers could unlock the cars, start their engines, disable their ignition switches, dispatch navigation commands to entire fleets, and control firmware updates to potentially deliver malware.

Last year, Curry said that SiriusXM’s remote systems vulnerabilities could let hackers steal Acura, Honda, Infiniti, and Nissan vehicles using only each car’s Vehicle Identification Number. They could also access customers’ personal information. The new report reveals similar dangers with Kia, Hyundai, and Genesis models.

Furthermore, misconfigured single sign-on systems let the researchers access BMW, Mercedes Benz, and Rolls Royce internal corporate systems. The flaws didn’t grant direct vehicle access. Still, attackers could have breached internal communications at Mercedes Benz, accessed BMW dealership information, and hijacked any BMW or Rolls Royce employee account. Security holes at Ferrari’s websites also let researchers access administrative privileges and delete all customer information.

The researchers also found that most, if not all, California digital license plates were vulnerable to attackers. After the state legalized digital plates last year, a company called Reviver handled possibly all of them, and security faults emerged in Reviver’s internal systems. Digital license plate holders can use Reviver to update their plates and report them as stolen remotely. However, vulnerabilities allowed attackers to give ordinary Reviver accounts elevated privileges that could track, change, and delete any registrationo in the system.

Curry’s latest blog post extensively details the methodology behind these and other hacks for those interested in the nitty gritty. His team reported the vulnerabilities to the affected companies before disclosure. At least some of them confirmed issuing security patches.

Read More

Greg Aftayev

Greg Aftayev is a Journalist at Flaunt Weekly Covering Tech News.

Share
Published by
Greg Aftayev

Recent Posts

Music titan Quincy Jones dies at 91

Flaunt Weeekly Quincy Jones, the multi-talented music titan whose vast legacy ranged from producing Michael…

56 mins ago

US music giant Quincy Jones dies at 91

Flaunt Weeekly By Seyi Babalola Quincy Jones, a musician and producer who collaborated with Michael…

2 hours ago

Indriza – Ambassador

Flaunt Weeekly DOWNLOAD MP3 SONG ArtistIndrazaProducerFbeatz CategoryNigerian Music GenreRap Released2024 Duration02:31Nigerian rapper, Indrazamakes a triumphant…

2 hours ago

Chioma Adeleke Shows Off Amazing Body And Eye-Catching Curves

Flaunt Weeekly Chioma Adeleke has taken the internet by storm with her eye-catching appearance.The young…

2 hours ago

Your Music & Your Style, How To Discover What Kind Of Listener You Are

Flaunt Weeekly Music means different things to different people. For some, it’s the perfect way…

2 hours ago

‘I don’t like being referred to as underrated artist’ – Waje

Flaunt Weeekly Singer Waje has warned that she dislikes being tagged an “underrated artist.” DAILY…

2 hours ago