Nissan and Honda cars could be hacked to obtain personal information, remotely unlock them, or sound the horn
Modern cars are controlled by computers not only for audio and navigation systems but also for unlocking and steering, so they are just as exposed to hacking as PCs and smartphones. Security researcher Sam Curry has now disclosed how various cars could be hacked to obtain the owner's personal information, unlock them, identify their location, and sound their horns.
More car hacking!
Earlier this year, we were able to remotely unlock, start, locate, flash, and honk any remotely connected Honda, Nissan, Infiniti, and Acura vehicles, completely unauthorized, knowing only the VIN number of the car.
Here's how we found it, and how it works: pic.twitter.com/ul3A4sT47k
—Sam Curry (@samwcyo) November 30, 2022
Sirius XM flaw could've let hackers remotely unlock and start cars - The Verge
https://www.theverge.com/2022/12/3/23491259/sirius-xm-hack-remotely-unlock-start-cars
Telematics services installed in vehicles capture data such as the current GPS location, speed measurements, route navigation, and maintenance requirements. Some also offer smart features such as collision detection, remote engine start, remote locking and unlocking, and theft alerts.
After finding vulnerabilities in the software installed in some cars, Curry became interested in which companies supply telematics services to the various automakers. His research led him to Sirius XM Radio, known for its satellite radio business, which also offers an in-vehicle system that integrates music and entertainment services.
After finding individual vulnerabilities affecting different car companies, we became interested in finding out who exactly was providing the auto manufacturers' telematic services.
We thought it was likely there was a company who provided multiple automakers' telematic solutions. pic.twitter.com/KNqVRplc94
—Sam Curry (@samwcyo) November 30, 2022
Sirius XM Radio says it has won over 15 OEM programs and provides telematics services to over 12 million vehicles, mostly in North America. When Curry examined its website, he found that Sirius XM Radio provides telematics services to BMW, Honda, Hyundai Motor, Nissan, Jaguar, Subaru, Toyota and others.
We found the SiriusXM Connected Vehicle website and noticed the following quote:
'[SiriusXM] is a leading provider of connected vehicles services to Acura, BMW, Honda, Hyundai, Infiniti, Jaguar, Land Rover, Lexus, Nissan, Subaru, and Toyota.'
So many brands under one roof! pic.twitter.com/uw1321BFyD
—Sam Curry (@samwcyo) November 30, 2022
Curry said that after researching the website and reverse engineering a customer app, the team discovered that the domain 'telematics.net' appears to handle registration of vehicles with Sirius XM Radio's remote vehicle management feature. With the help of someone who actually owns a Nissan, Curry used that owner's account to dig deeper.
As a result, they found that the vehicle identification number (VIN), which is unique to each vehicle, was used as the identifier in the HTTP request.
It returned '200 OK' and returned a bearer token! This was exciting, we were generating some token and it was indexing the arbitrary VIN as the identifier.
To make sure this wasn't related to our session JWT, we completely dropped the Authorization parameter and it still worked! pic.twitter.com/zCdCHQfCcY
—Sam Curry (@samwcyo) November 30, 2022
Using that token in an HTTP request keyed on the VIN, Curry was able to obtain the user's name, phone number, address, car details, and more.
We took the authorization bearer and used it in an HTTP request to fetch the user profile.
The response contained the victim's name, phone number, address, and car details.
At this point, we made a simple python script to fetch the customer details of any VIN number. pic.twitter.com/J2eK5Y3qAB
—Sam Curry (@samwcyo) November 30, 2022
Additionally, they were able to lock and unlock the vehicle, start the engine, and execute several other vehicle commands with HTTP requests that identified the car by its VIN. “We were able to command the victim’s vehicle and retrieve user information from their account simply by knowing the VIN number on the windshield,” Curry said.
We continued to escalate this and found the HTTP request to run vehicle commands.
This also worked!
We could execute commands on vehicles and fetch user information from the accounts by only knowing the victim's VIN number, something that was on the windshield. pic.twitter.com/TrEqbIrSEU
—Sam Curry (@samwcyo) November 30, 2022
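The flaw the article describes is a missing authorization check: the endpoint that issued a bearer token keyed it on the VIN alone and never verified that the caller's session actually owned that vehicle, and the profile and command endpoints then trusted that token. The following Python model is added here as an illustration (it is not the article's, Sam Curry's, or Sirius XM's code) and places that vulnerable design beside a hardened one that validates the session, checks that the VIN is registered to the session's user, and binds the issued token to both the user and the vehicle. All VINs, users, sessions, profile data and the signing secret are constructed placeholders, and the function names are the example's own.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample data: no real vehicles, people or sessions.
OWNERS = {"1N4EXAMPLEVIN0001": "alice", "1HGEXAMPLEVIN0002": "bob"}
PROFILES = {
    "alice": {"name": "Alice Example", "phone": "555-0100", "address": "1 Example St"},
    "bob": {"name": "Bob Example", "phone": "555-0101", "address": "2 Example Ave"},
}
# Stand-in for the session JWTs a legitimate app sends in the Authorization header.
SESSIONS = {"Bearer sess-alice": "alice", "Bearer sess-bob": "bob"}
SECRET = b"constructed-server-secret"  # placeholder, never a real key


class AuthError(Exception):
    """Raised by handlers; `status` is the HTTP status a framework would return."""

    def __init__(self, message: str, status: int = 401) -> None:
        super().__init__(message)
        self.status = status


def _sign(payload: str) -> str:
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()


def _verify(token: str) -> str:
    """Return the signed payload of a token, or raise 401 if the signature is bad."""
    payload, _, sig = token.rpartition(".")
    if not payload or not hmac.compare_digest(sig, _sign(payload)):
        raise AuthError("bad token", 401)
    return payload


# --- Vulnerable design (the pattern the article describes) -------------------
def issue_token_vulnerable(vin: str, authorization: Optional[str] = None) -> str:
    # Flaw: Authorization is never consulted and the VIN alone identifies the
    # account, so anyone who can read a VIN off a windshield gets a valid token.
    return f"{vin}.{_sign(vin)}"


def get_profile_vulnerable(token: str) -> dict:
    vin = _verify(token)  # signature is fine; the problem is who got the token
    return PROFILES[OWNERS[vin]]


def run_command_vulnerable(token: str, command: str) -> str:
    vin = _verify(token)
    return f"{command} sent to {vin}"


# --- Hardened design ----------------------------------------------------------
def issue_token_hardened(vin: str, authorization: Optional[str]) -> str:
    # 1. The caller must present a valid session (authentication).
    user = SESSIONS.get(authorization or "")
    if user is None:
        raise AuthError("missing or invalid session", 401)
    # 2. The VIN must be registered to that user (object-level authorization).
    if OWNERS.get(vin) != user:
        raise AuthError("VIN is not registered to this account", 403)
    # 3. The token binds user and VIN, so it cannot be replayed against another car.
    payload = f"{user}:{vin}"
    return f"{payload}.{_sign(payload)}"


def get_profile_hardened(token: str) -> dict:
    user, _, _vin = _verify(token).partition(":")
    return PROFILES[user]


def run_command_hardened(token: str, vin: str, command: str) -> str:
    user, _, bound_vin = _verify(token).partition(":")
    # Re-check ownership at the point of use, not only when the token was issued.
    if vin != bound_vin or OWNERS.get(vin) != user:
        raise AuthError("token not valid for this vehicle", 403)
    if command not in {"lock", "unlock", "remote_start", "honk"}:
        raise AuthError("unknown command", 400)
    return f"{command} sent to {vin} on behalf of {user}"


def status_of(handler, *args) -> int:
    """Map a handler outcome to the HTTP status a web framework would emit."""
    try:
        handler(*args)
        return 200
    except AuthError as err:
        return err.status
```

The point of the hardened version is that the VIN is public (it is printed on the windshield) and therefore can only ever be a lookup key, never a credential; the decision to issue a token, and every later use of that token, has to be tied to an authenticated session whose owner is on record for that VIN.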
Curry confirmed that vehicles from makers other than Nissan could be hacked in the same way and reported the problem to Sirius XM Radio, which fixed the issue and issued a patch immediately. Lynnsey Ross, a spokesperson for Sirius XM Radio, told The Verge that 'the problem was resolved within 24 hours of the report being submitted' and that at no point was subscriber or other data leaked or any account modified without authorization using this method.
Posted by log1h_ik in Software, Web Service, Ride, Security