hackers found a way to unlock, start cars through sirius xm and hyundai app vulnerability

A white hat hacker — this is essentially a good guy, ethical hacker — named Sam Curry recently uncovered some security vulnerabilities in new cars that would allow him to remotely unlock, start, locate, flash, and honk new cars from numerous manufacturers.

The good news is that the exploits Curry, a security engineer at Yuga Labs, found are already patched, and any unethical hackers wouldn’t be able to use them now. However, that doesn’t take anything away from the fact that security cracks were there beforehand, presenting a risk to those who owned potentially affected cars.

The first hack Curry detailed — he posted detailed walkthroughs on Twitter — used a vulnerability in Sirius XM’s Connected Vehicle services. Turns out, a lot of OEMs use Sirius XM’s Connected Vehicle services to provide remote services to their cars. The list of manufacturers currently using this system includes Acura, BMW, Honda, Hyundai, Infiniti, Jaguar, Land Rover, Lexus, Nissan, Subaru and Toyota. With so many companies under one roof, it’s all the more important that said roof be secure, because one way in allows a hacker access to multiple car companies at once.

More car hacking!Earlier this year, we were able to remotely unlock, start, locate, flash, and honk any remotely connected Honda, Nissan, Infiniti, and Acura vehicles, completely unauthorized, knowing only the VIN number of the car.
Here’s how we found it, and how it works: pic.twitter.com/ul3A4sT47k

— Sam Curry (@samwcyo) November 30, 2022

If you speak the language of computers and online security, we recommend you take a look through the Twitter thread from Curry just above. To greatly simplify it, all Curry needed to execute the aforementioned commands on cars using Sirius XM Connected Vehicles services was the VIN of the car. Of course, this took a lot of work to finally get to, the sort of work only experts in this field would be capable of. Curry confirmed that his hack worked on Honda, Acura, Infiniti and Nissan vehicles, but suggested it would also work with the other manufacturers using Sirius XM Connected Vehicles services, too.

We queried Sirius about this hacking activity, and the company sent us a statement in return:

“We take the security of our customers’ accounts seriously and participate in a bug bounty program to help identify and correct potential security flaws impacting our platforms. As part of this work, a security researcher submitted a report to Sirius XM’s Connected Vehicle Services on an authorization flaw impacting a specific telematics program. The issue was resolved within 24 hours after the report was submitted. At no point was any subscriber or other data compromised nor was any unauthorized account modified using this method.”

Thankfully, this hack originated from the good side of the hacking world. Also, it’s good to see that Sirius took the security flaw seriously, then went to work remedying the issue right away to ensure it couldn’t be replicated by any nefarious actors. Hacking Sirius XM wasn’t the only car-related exploit Curry tackled as of late, though. Hyundai’s vehicle smartphone app was also under the scope.

Instead of attacking the problem from the bigger umbrella with Sirius XM’s services, Curry directed his attention to the Hyundai mobile vehicle app itself … and he found a way in. This time, all Curry needed was the email address of the vehicle owner. With this information, Curry was able to write a script that would unlock access to all the vehicle commands one might be able to execute from your Hyundai smartphone app. Specifically, it worked on Hyundai and Genesis models made from 2012 or newer. The example car that Curry used is the latest generation of the Hyundai Elantra. Curry was able to remotely control the locks, engine, horn, headlights, and trunk. Similar to the Sirius XM exploit, we’d suggest reading through the below Twitter thread to get all the details on how Curry went about hacking the app

We recently found a vulnerability affecting Hyundai and Genesis vehicles where we could remotely control the locks, engine, horn, headlights, and trunk of vehicles made after 2012.
To explain how it worked and how we found it, we have @_specters_ as our mock car thief: pic.twitter.com/WWyY6vFoAF

— Sam Curry (@samwcyo) November 29, 2022

We asked Hyundai about this hacking activity tand received a company statement in return:

“Hyundai worked diligently with third-party consultants to investigate the purported vulnerability as soon as the researchers brought it to our attention. Importantly, other than the Hyundai vehicles and accounts belonging to the researchers themselves, our investigation indicated that no customer vehicles or accounts were accessed by others as a result of the issues raised by the researchers.

“We also note that in order to employ the purported vulnerability, the e-mail address associated with the specific Hyundai account and vehicle as well as the specific web-script employed by the researchers were required to be known. Nevertheless, Hyundai implemented countermeasures within days of notification to further enhance the safety and security of our systems.

“We value our collaboration with security researchers and appreciate this team’s assistance.”

Similar to Sirius XM, Hyundai looks to have taken the security flaw seriously and patched it to ensure this can’t be replicated. Both the Hyundai-specific and Sirius XM hacks here are examples of good bug bounty hunting by good actors, but they also serve as examples of the risks we’re exposed to by having cars that are constantly connected to the internet. The convenience of being able to lock your car from halfway across the country is a nice one, but it’s important to remember that if something is connected to the internet, it’s hackable. OEMs know this, and they treat cybersecurity very seriously, but the threat of bad actors out there still looms large as our vehicles become more and more intertwined with online and connected services.

Keyword: Hackers found a way to unlock, start cars through Sirius XM and Hyundai app vulnerability

CAR'S NEWS RELATED

Loose USB-A ports in my Hyundai i20: Want to switch to USB-C ports

I use them for charging and Apple CarPlay but they become loose and the connection gets lost while going through small rough patches. BHPian Nicky recently shared this with other enthusiasts. Hello all, I have a Hyundai i20 that I bought in 2020. It comes with USB-A ports for ...

View more: Loose USB-A ports in my Hyundai i20: Want to switch to USB-C ports

Hyundai to suspend operations at its main factory to bolster electric vehicle production

South Korea’s largest automaker, Hyundai Motor, is bolstering EV production despite rumors that the market is slowing. The automaker revealed plans to suspend operations at its main factory in South Korea as it shifts its focus toward EVs. On Monday, Hyundai said it will temporarily suspend activities at its ...

View more: Hyundai to suspend operations at its main factory to bolster electric vehicle production

2024 Hyundai Ioniq 5 Prices Slightly Increased Compared To 2023

This year, sales of the Ioniq 5 in the U.S. will easily exceed 30,000.

View more: 2024 Hyundai Ioniq 5 Prices Slightly Increased Compared To 2023

Kia Sonet Vs Hyundai Creta Price, Engine Specs & Dimensions Comparison

Kia Sonet Vs Hyundai Creta Price, Engine Specs & Dimensions Comparison In this Kia Sonet vs Hyundai Creta comparison, we’ll look at the variant-wise prices, engine specs, dimensions and features to help you decide which car you should buy. Kia Sonet Vs Hyundai Creta Price Comparison Let’s first look at ...

View more: Kia Sonet Vs Hyundai Creta Price, Engine Specs & Dimensions Comparison

Does the Hyundai Tucson N Line come in automatic?

The flagship Hyundai Tucson with N Line treatment, so expect a sporty derivative with some show, some go and some handling. Does it come in automatic, though? The Hyundai Tucson receives the N Line treatment with the triple combo of cosmetics, handling tweaks and a proper drivetrain. Chad Lückhoff has ...

View more: Does the Hyundai Tucson N Line come in automatic?

Hyundai Motor to halt Asan factory in S.Korea for EV factory construction

Companies Hyundai Motor Co SEOUL, Nov 27 (Reuters) – Hyundai Motor Co (005380.KS) plans to halt its factory in Asan, South Korea, to construct an electric vehicle plant in the period between Dec 31. 2023 to Feb. 13 2024, the South Korean automaker said in a regulatory filing on ...

View more: Hyundai Motor to halt Asan factory in S.Korea for EV factory construction

Hyundai IONIQ 5 Goes On 2,751km Southeast Asia Tour

Hyundai Motor Company has sent the Hyundai IONIQ 5 EV on a 2,751 km tour across Southeast Asia. The Hyundai “Go Far with Zero Worries” IONIQ 5 ASEAN Tour was flagged off from the Hyundai Motor Group Innovation Center Singapore (HMGICS) on 20 November 2023, and made a stop in ...

View more: Hyundai IONIQ 5 Goes On 2,751km Southeast Asia Tour

Affordable hatchbacks with the best warranties in South Africa

Long-term value Suzuki S-Presso Suzuki Celerio Toyota Vitz Renault Kwid Suzuki Swift Kia Picanto Hyundai Grand i10 Suzuki Baleno Toyota Starlet VW Polo Vivo Fiat 500 TwinAir The cost of living is skyrocketing in South Africa with fuel prices at an all-time high while food, rent, and other expenses ...

View more: Affordable hatchbacks with the best warranties in South Africa

Hyundai Ioniq 5 sales cross the 1,000 unit mark in India

Drove the 2023 i20 N-Line: 2 immediate improvements noticed by me

5 car brands South Africa’s middle class loves

Hyundai Venue N-Line Vs Renault Triber Price, Engine Specs & Dimensions Comparison

All-new Hyundai Tucson now in Malaysia from RM158,888

8 years & 47,000 km with my Verna petrol: Overall mileage & upkeep cost

USA: Hyundai beats GM & Ford in Q3 2023 for EV sales

Check Out The 2024 Hyundai Santa Fe's Cleverly Integrated Grab Handle

Hyundai Tucson facelift revealed – When it’s coming to South Africa

Automatic crossovers competing against the new Nissan Magnite EZ-Shift

UAW win helps nonunion workers too as VW, Hyundai, Toyota, Honda hike pay

Hyundai IONIQ 6 N is coming soon as the brand’s most powerful vehicle ever

OTHER CAR NEWS

; Top List in the World https://www.pinterest.com/newstopcar/pins/
Top Best Sushi Restaurants in SeoulTop Best Caribbean HoneymoonsTop Most Beautiful Islands in PeruTop Best Outdoor Grill BrandsTop Best Global Seafood RestaurantsTop Foods to Boost Your Immune SystemTop Best Foods to Fight HemorrhoidsTop Foods That Pack More Potassium Than a BananaTop Best Healthy Foods to Gain Weight FastTop Best Cosmetic Brands in the U.STop Best Destinations for Food Lovers in EuropeTop Best Foods High in Vitamin ATop Best Foods to Lower Your Blood SugarTop Best Things to Do in LouisianaTop Best Cities to Visit in New YorkTop Best Makeup Addresses In PennsylvaniaTop Reasons to Visit NorwayTop Most Beautiful Islands In The WorldTop Best Law Universities in the WorldTop Richest Sportsmen In The WorldTop Biggest Aquariums In The WorldTop Best Peruvian Restaurants In MiamiTop Best Road Trips From MiamiTop Best Places to Visit in MarylandTop Best Places to Visit in North CarolinaTop Best Electric Cars For KidsTop Best Swedish Brands in The USTop Best Skincare Brands in AmericaTop Best American Lipstick BrandsTop Michelin-starred Restaurants in MiamiTop Best Secluded Getaways From MiamiTop Best Things To Do On A Rainy Day In MiamiTop Most Instagrammable Places In MiamiTop Interesting Facts about FlorenceTop Facts About The First Roman Emperor - AugustusTop Best Japanese FoodsTop Most Beautiful Historical Sites in IsraelTop Best Places To Visit In Holy SeeTop Best Hawaiian IslandsTop Reasons to Visit PortugalTop Best Hotels In L.A. With Free Wi-FiTop Best Scenic Drives in MiamiTop Best Vegan Restaurants in BerlinTop Most Interesting Attractions In WalesTop Health Benefits of a Vegan DietTop Best Thai Restaurant in Las VegasTop Most Beautiful Forests in SwitzerlandTop Best Global Universities in GermanyTop Most Beautiful Lakes in GuyanaTop Best Things To Do in IdahoTop Things to Know Before Traveling to North MacedoniaTop Best German Sunglasses BrandsTop Highest Mountains In FranceTop Biggest Hydroelectric Plants in AmericaTop Best Spa Hotels in NYCTop The World's Scariest BridgeTop Largest Hotels In AmericaTop Most Famous Festivals in JordanTop Best European Restaurants in MunichTop Best Japanese Hiking Boot BrandsTop Best Universities in PolandTop Best Tips for Surfing the Web Safely and AnonymouslyTop Most Valuable Football Clubs in EuropeTop Highest Mountains In ColombiaTop Real-Life Characters of Texas RisingTop Best Beaches in GuatelamaTop Things About DR Congo You Should KnowTop Best Korean Reality & Variety ShowsTop Best RockstarsTop Most Beautiful Waterfalls in GermanyTop Best Fountain Pen Ink BrandsTop Best European Restaurants in ChicagoTop Best Fighter Jets in the WorldTop Best Three-Wheel MotorcyclesTop Most Beautiful Lakes in ManitobaTop Best Dive Sites in VenezuelaTop Best Websites For Art StudentsTop Best Japanese Instant Noodle BrandsTop Best Comedy Manhwa (Webtoons)Top Best Japanese Sunglasses BrandsTop Most Expensive Air Jordan SneakersTop Health Benefits of CucumberTop Famous Universities in SwedenTop Most Popular Films Starring Jo Jung-sukTop Interesting Facts about CougarsTop Best Hospitals for Hip Replacement in the USATop Most Expensive DefendersTop Health Benefits of GooseberriesTop Health Benefits of ParsnipsTop Best Foods and Drinks in LondonTop Health Benefits of Rosehip TeaTop Best Air Fryers for Low-fat CookingTop Most Asked Teacher Interview Questions with AnswersTop Best Shopping Malls in ZurichTop The Most Beautiful Botanical Gardens In L.A.Top Best Mexican Restaurants in Miami for Carb-loading rightTop Best Energy Companies in GermanyTop Best Garage HeatersTop Largest Banks in IrelandTop Leading Provider - Audit and Assurance In The USTop Best Jewelry Brands in IndiaTop Prettiest Streets in the UKTop Best Lakes to Visit in TunisiaTop Highest Mountains in Israel