Hyundai App Vulnerabilities

[Cyker]

See, this sort of thing is why I don't want my car to be 'connected to the cloud'!!!

https://www.bleepingcomputer.com/news/security/hyundai-app-bugs-allowed-hackers-to-remotely-unlock-start-cars/

[Big_D]

Vert interesting article. Makes you think

[Bper]

This issue has been around for years, the ability to unlock and start cars via hacking will continue no matter how smart electronic car systems become. For every piece of coded software there will aways be a backdoor for hackers to infiltrate. 

Sophisticated remote signalling allows easy bypasses to the cars ECU and to disable alarm systems.

This software has been out there for a long time  if you know where to look and is frequently updated as the cars software gets upgraded.

I know it isn't comforting but it is the reality of modern systems. Main frame computer's are hacked every day regardless of the most sophisticated firewalls. So if you look at this with an open mind you see just how easy it is to hack these small car alarm and immobiliser systems .

If a car thiefs wants your car they will .😠

 

 

[Corollanutter]

Totally correct Bob. I worked in car security for many years for some of the major OEM suppliers of security products to the car manufacturers. Back in 1988 I worked on the electronics for the “Security Concept Car” together with Rover Group and the Government. Some of the cutting edge systems on that car made their way into production in the following years - such as key-head immobiliser, deadlocking / double locking of the doors, smart ultrasonic alarms, multiple VINS etc etc.- all of which helped to reduce the incidence of car theft. However, at the end of the day, we are trying to protect a metal box with glass windows, which can ultimately be picked up and spirited away. Back in the 90’s car theft was almost unheard of in Japan and we had quite a task on our hands to make the Japanese car designers understand how ingenious thieves could be - even in those far off times. I’m sure things are different now. As technology has progressed, so has the ingenuity of the thieves. The main problem with OEM security is that it is baked into the car design some 2-3 years before the vehicle is launched. In that time, technology - and thieves methods - have continued to move on. All we can do is to make our own cars less of a target for the thieves - and hopefully make them move on to someone else’s car. 

[Cyker]

The thing that annoys me is nobody does security properly - It's an afterthought.

If you're serious about security, the first and most important place to start is reducing your attack surface - It's much easier to concentrate work on a few points of entry rather than thousands of them - but everything, esp. in the computing sector, but also cars apparently, does it backwards, go mad with the features and entry-points then try and secure them afterwards.

It's like how Samsung boast about how secure their internet-connected 'Smart' TVs and 'Smart' Washing Machines are, yet they are vastly more vulnerable to attack than my ancient 'normal' TV and 'normal' washing machine, because they aren't connected to the internet in the first place...