Major security flaws discovered in top luxury cars
According to reports, major security flaws have been discovered in Ferrari, Mercedes and other top luxury cars. The flaws could allow threat actors to steal car owners’ personally identifiable information, track their vehicles, and in many cases unlock and start their cars.
Around two dozen car brands were affected by the reported errors, including top brands like Rolls Royce, BMW, Porsche, Mercedes-Benz, Ferrari, Jaguar, Ford, KIA, Land Rover, Infiniti, Honda, Hyundai, Acura, Nissan, Genesis and Toyota. In addition to carmakers, car tech makers Spireon and Reviver, as well as streaming service provider SiriusXM, were also affected.
The errors were discovered by Sam Curry
The aforementioned flaws were discovered by Sam Curry, a cybersecurity researcher with a history of discovering security flaws in connected cars. He discovered a flaw in SiriusXM in early December 2022 that allowed threat actors to access connected vehicles.
In this case, different manufacturers had different vulnerabilities. Both BMW and Mercedes-Benz had a flawed single sign-on (SSO) feature that allowed threat actors to gain access to internal systems, giving them access to GitHub instances, servers, private chats, AWS instances, and more.
At affected manufacturers, including BMW, potential attackers could gain access to internal dealer portals, sales documents including vehicle VINs, as well as sensitive owner details.
Other major brands have leaked owners’ personally identifiable information
Besides the two big brands, owners of Honda, Infiniti, KIA, Acura, Mercedes-Benz, Genesis, BMW, Rolls Royce, Ferrari, Ford, Porsche and Toyota vehicles may have had their personally identifiable information (PII) leaked.
Ferrari was also heavily affected, as the SSO flaw allowed threat actors to access, modify or even delete Ferrari customer accounts. The flaw could also let threat actors set themselves as the vehicle’s owner. With Porsche, flaws in its telematics system allowed threat actors to pinpoint the vehicle’s exact location and even send commands to the vehicle.
Affected vendors have been notified of the error and have made corrections
All affected vendors have been notified of the findings, and the errors have since been corrected.
Spireon, a GPS vehicle tracking provider used in more than 15 million vehicles, allegedly carries a flaw that, among many other things, allows threat actors to unlock vehicles, start the engine or even disable the starter.