Sirius XM flaw could’ve let hackers remotely unlock and start cars

December 17, 2022

A vulnerability affecting Sirius XM’s connected vehicle services could’ve let hackers remotely start, unlock, locate, flash the lights, and honk the horn on cars. Sam Curry, a security engineer at Yuga Labs, worked with a group of security researchers to discover the flaw and outlined their findings in a thread on Twitter (via Gizmodo).

In addition to offering a satellite radio subscription, Sirius XM also powers the telematics and infotainment systems used by a number of automakers, including Acura, BMW, Honda, Infiniti, Jaguar, Land Rover, Lexus, Nissan, Subaru, and Toyota. These systems collect a whole lot of information about your car that’s easy to overlook, and could pose potential privacy implications. Last year, a report from Vice called attention to a spy firm, called Ulysses, which collected and planned to sell over 15 billion telematics-based car locations to the US government.

While telematics systems obtain data about your car’s GPS location, speed, turn-by-turn navigation, and maintenance requirements, certain infotainment setups may track call logs, voice commands, text messages, and more. All of this data allows cars to provide “smart” features, like automatic crash detection, remote engine start, stolen vehicle alerts, navigation, and the ability to remotely lock or unlock your car. Sirius XM offers all these features and more, and says over 12 million cars on the road use its connected vehicle systems.

However, as Curry demonstrates, bad actors can take advantage of this system if the right safeguards aren’t in place. In a statement to Gizmodo, Curry says Sirius XM “built infrastructure around the sending/receiving of this data and allowed customers to authenticate to it using some form of mobile app,” like MyHonda or Nissan Connected. Users can log into their accounts on these apps, which are linked to their vehicle’s VIN number, to execute commands and obtain information about their cars.


It’s this system that could give bad actors access to someone’s car, Curry explains, as Sirius XM uses the VIN number associated with a person’s account to relay information and commands between the app and its servers. By creating an HTTP request to fetch a user’s profile with the VIN, Curry says he was able to obtain the vehicle owner’s name, phone number, address, and car details. He then tried executing commands using the VIN and discovered that he could remotely control the vehicle, allowing him to lock or unlock it, start the car, and perform other functions.
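The weakness described above is a service that treats the VIN as proof of who is asking. As an added illustration (not code from the article, the researchers or Sirius XM), the sketch below sets a VIN-only lookup beside one that binds the VIN to the authenticated account; every name, token and VIN in it is constructed.

```python
# Constructed sample data: nothing here comes from Sirius XM's real API.
VEHICLES = {  # VIN -> owning account and profile
    "VIN-EXAMPLE-0001": {"owner": "alice", "name": "Alice Example", "phone": "555-0100"},
    "VIN-EXAMPLE-0002": {"owner": "bob", "name": "Bob Example", "phone": "555-0101"},
}
SESSIONS = {"token-alice": "alice", "token-bob": "bob"}  # session token -> account
ALLOWED_COMMANDS = {"lock", "unlock", "start", "locate"}
AUDIT_LOG = []  # denied attempts, kept so monitoring can alert on them


class Forbidden(Exception):
    """Raised when the caller is not authorized for the requested VIN."""


def get_profile_vin_only(vin):
    """Flawed pattern: whoever knows the VIN gets the owner's profile."""
    return VEHICLES[vin]


def _authorize(token, vin, action):
    """Resolve the session to an account and require that it owns the VIN."""
    account = SESSIONS.get(token)
    vehicle = VEHICLES.get(vin)
    if account is None or vehicle is None or vehicle["owner"] != account:
        AUDIT_LOG.append({"account": account, "vin": vin, "action": action})
        # Same error for unknown and foreign VINs, so replies never confirm a VIN.
        raise Forbidden("not authorized for this vehicle")
    return vehicle


def get_profile(token, vin):
    """Hardened pattern: the profile is returned only to the owning account."""
    return _authorize(token, vin, "profile")


def send_command(token, vin, command):
    """Hardened pattern: commands are validated and bound to the owning account."""
    if command not in ALLOWED_COMMANDS:
        raise ValueError("unsupported command")
    _authorize(token, vin, command)
    return {"vin": vin, "command": command, "status": "queued"}
```

A VIN is visible through the windshield of most cars, so it can serve as a lookup key but never as a credential; the audit entries for denied requests give a detection signal when one account probes many VINs.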

Curry says he alerted Sirius XM of the flaw and that the company quickly patched it. In a statement to The Verge, company spokesperson Lynnsey Ross said the vulnerability “was resolved within 24 hours after the report was submitted,” adding that “at no point was any subscriber or other data compromised nor was any unauthorized account modified using this method.”

Separately, Curry uncovered another flaw within the MyHyundai and MyGenesis apps that could also potentially let hackers remotely hijack a vehicle, but says he worked with the automaker to fix the issue. In a statement shared with The Verge by Hyundai spokesperson Ira Gabriel, the company confirmed that “Hyundai worked diligently with third-party consultants to investigate the purported vulnerability as soon as the researchers brought it to our attention.” It also notes that “no customer vehicles or accounts — for both Hyundai or Genesis — were accessed by others as a result of the issues raised by the researchers,” and makes it clear that its vehicles weren’t affected by the Sirius XM vulnerability.


White hat hackers have found similar exploits in the past. In 2015, a security researcher uncovered an OnStar hack that could’ve let bad actors locate a vehicle remotely, unlock its doors, or start the car. Around the same time, a report from Wired showed how a Jeep Cherokee could be remotely hacked and controlled with someone at the wheel.

Update December 3rd, 5:48PM ET: Updated to add a statement from Sirius XM and Hyundai.

Update December 4th, 8:25AM ET: Updated to clarify that the Ulysses spy firm, as reported by Vice, planned on selling over 15 billion telematics-based car locations.


