Hackers can exploit car alarm app flaws – Can you protect yourself?
All owners of vehicles using car alarm app systems need to investigate and get their cars checked, just in case.
Pen Test Partners, a white hat hacker group, recently announced that it managed to exploit some critical vulnerabilities that appeared in car alarm apps, with the result being opening the vehicle, listen to what drivers talk and shut down the engine while running.
According to Pen Test Partners founder, Ken Munro, an ad that stated an alarm system could not be hacked is what made the group investigate. As a result, Pandora, which was the vendor that made the claim the system was unhackable, removed the mention from the website.
What Did The White Hat Hackers Find Out?
During tests, the hackers managed to find vulnerabilities that were actually really easy to discover. These vulnerabilities allowed them to access user profiles. All was possible through a “modify user” code request that was not properly checked for a validation purpose.
After gaining access to the system, the entire account was under the control of the hackers. This means that while you are casually enjoying your favorite puzzle games as you wait for your kids to come from school, someone might be poking around the system and make changes like modifying system registered email account or changing some passwords.
Because of having access to the account of a user, the hacker can extract the entire user data. What is particularly discouraging is that testers even managed to stop the vehicle when they wanted to and open doors, thus allowing a really easy hijack. Alarms can be controlled and lights can be flashed while someone drives. It was even possible to clone alarm key fob so a smartphone could then be used to unlock the vehicle whenever desired.
Different vehicles were identified as being at risk, including Range Rover Sport, Mazda 6, Toyota Fortuner, RAV4 and Toyota Prius 50. However, the most intrusive of the vulnerabilities discovered was in Pandora, which allowed the researcher to listen to vehicle occupants through the enabling of the microphone included for emergency phone calls.
What Should You Do?
The good news is that the vulnerabilities were discovered by Pen Test Partners. Vendors were quickly contacted before details of the present vulnerabilities were released. Vulnerabilities are present in the software system so the vendor can quickly change coding. Flaws were reported as being fixed in Pandora and Viper.
The bad news is that the researchers did not actually perform a full interface coding test since this required extra authorization. According to Munro, this means that some other vulnerabilities might be present. Due to this, it is always a good idea to stay up to date to what is reported in the news about your car and your car alarm system. While most manufacturers invest a lot in preventing hacking, sometimes vulnerabilities do pop up.
It is impossible to know whether or not some vehicles were hacked by people that did not have great interest. All owners of vehicles using car alarm app systems need to investigate and get their cars checked, just in case.
- Influencers are turning to their own hackers to combat account theft on Instagram
- Cops, hackers and your mom can unlock your phone with a 3D printed model of your head
- Tips to keep your business safe from hackers
- Hackers could possibly use your computer’s microphone to “see” your screen
- Self-driving cars can be commandeered by both hackers and police
- Hackers in North Korea have stolen millions of dollars from ATMs worldwide