More cyber security flaws exposed as manufacturers connect further
26 April 2017
26 April 2017
A cyber security firm has exposed weaknesses in a mobile app developed by Hyundai, which would allow the remote start function to be hacked by criminals, allowing them to locate, unlock and start vulnerable vehicles.
The company’s app for its Blue Link connected car software was updated in December 2016, with the manufacturer acknowledging the issue and submitting a further fix to address the issues. No vehicles fell foul of the bug between each update.
Jim Trainor, a spokesman for Hyundai, comments: ′The issue did not have a direct impact on vehicle safety. Hyundai is not aware of any customers being impacted by this potential vulnerability.’
Meanwhile, another potential vulnerability has been found in an OBD dongle developed by Bosch, designed to send vehicle information to a smartphone app. Hackers could take control of the vehicle and could even stop the engine through two potential openings. The first involves taking command through Bluetooth if in range of the dongle, the second method relies on obtaining root access on the user’s phone.
This attack is harder to pull off because it relies on social engineering, but once the attacker has access to the phone, he can apply a patch to the Drivelog Connect app and send messages from the user’s device to the car. Bosch has already taken steps to patch the Bluetooth vulnerability while it is working on a patch for the second.
Hackers are finding new ways to wind back the mileage on cars as well, with a report stating that one in 16 vehicles on UK roads features the wrong mileage, thanks to the availability of software online that allows programmers access to the ECU. This can affect used vehicle values and cause dealers and consumers to pay out more than a vehicle is truly worth.
The news comes as manufacturers are facing increased calls to ensure their systems are secure, especially as more and more vehicles are featuring some form of connectivity. Other examples of software invasion includes a cyber expert taking control of a Jeep and a security flaw in some BMWs that allowed thieves to unlock doors.