A way is found to hack Nissan and Honda cars to obtain personal information and remotely unlock them or sound the horn



Modern cars use computers not only for audio and navigation systems but also for unlocking and steering, which makes them as exposed to hacking as PCs and smartphones. Security researcher Sam Curry has discovered a way to hack various cars to obtain the user's personal information, unlock them, identify their location, and sound their horns.



Sirius XM flaw could've let hackers remotely unlock and start cars - The Verge
https://www.theverge.com/2022/12/3/23491259/sirius-xm-hack-remotely-unlock-start-cars

Telematics services installed in vehicles capture data such as current GPS location and speed measurements, route navigation, and maintenance requirements. Some also offer various smart features such as collision detection, remote engine start, remote locking or unlocking, and theft alerts.

After finding vulnerabilities in the software installed in some cars, Curry said he became interested in which companies provide telematics services to the various automakers. After some research, he learned that Sirius XM Radio, known for its satellite radio business, offers an in-vehicle system that integrates music and entertainment services.



Sirius XM Radio says it has won over 15 OEM programs and provides telematics services to over 12 million vehicles, mostly in North America. When Mr. Curry examined the website, he found that Sirius XM Radio provides telematics services to BMW, Honda, Hyundai Motor, Nissan, Jaguar, Subaru, Toyota and others.



After researching the website and reverse engineering an app for customers, Curry said, they discovered that the domain 'telematics.net' appeared to handle the service of registering vehicles with Sirius XM Radio's remote vehicle management feature. With the help of someone who actually owns a Nissan, Curry used the account to dig deeper.

As a result, it was found that the vehicle identification number (VIN), which is unique to each vehicle, was used as the identifier in the HTTP requests.



Mr. Curry succeeded in obtaining the user's name, phone number, address, car details, etc. by making an HTTP request using the VIN.



Additionally, they were able to lock and unlock the vehicle, start the engine, and execute several other vehicle commands through HTTP requests that used the VIN. “We were able to command the victim’s vehicle and retrieve user information from their account simply by knowing the VIN number on the windshield,” Curry said.
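The flaw described above, where a VIN alone identifies both the vehicle and its owner, is contrasted below with a handler that requires the authenticated account to own the VIN. This is an added example, not code from Sirius XM or from Curry's research; every function name, VIN, account and command name in it is constructed for illustration.

```python
# Added illustration: all names, VINs and accounts are constructed.
import secrets
from collections import defaultdict

ENROLLMENTS = {"TESTVIN0000000001": "acct-alice",   # VIN -> enrolling account
               "TESTVIN0000000002": "acct-bob"}
PROFILES = {"acct-alice": {"name": "Alice Example", "phone": "555-0100"},
            "acct-bob": {"name": "Bob Example", "phone": "555-0101"}}
COMMANDS = {"lock", "unlock", "horn", "engine_start"}
SESSIONS = {}                    # session token -> account id
DENIED = defaultdict(set)        # account id -> VINs it was refused for


def login(account_id):
    """Stand-in for real authentication: issue an unguessable session token."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = account_id
    return token


def handle_vin_only(vin, command):
    """Flawed pattern: the VIN alone selects both the vehicle and the account."""
    owner = ENROLLMENTS.get(vin)
    if owner is None:
        return 404, None
    return 200, {"vin": vin, "command": command, "profile": PROFILES[owner]}


def handle_authorized(token, vin, command):
    """Hardened pattern: the session names the caller; the VIN is only a lookup key."""
    account = SESSIONS.get(token)
    if account is None:
        return 401, None
    if command not in COMMANDS:
        return 400, None
    # Unknown VIN and someone else's VIN get the same answer, so the
    # endpoint does not confirm which VINs are enrolled.
    if ENROLLMENTS.get(vin) != account:
        DENIED[account].add(vin)
        return 403, None
    return 200, {"vin": vin, "command": command, "profile": PROFILES[account]}


def accounts_probing_vins(threshold=2):
    """Detection hook: accounts refused for at least `threshold` distinct VINs."""
    return sorted(a for a, vins in DENIED.items() if len(vins) >= threshold)
```

A VIN is printed on the vehicle, so it can serve as a lookup key but never as proof of ownership; the refusal record gives operations a signal when one account keeps asking about vehicles it does not own.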



Mr. Curry, who confirmed that vehicles other than Nissan cars could be hacked in a similar way, reported the problem to Sirius XM Radio. Sirius XM Radio immediately fixed the issue and issued a patch. Lynnsey Ross, a spokesperson for Sirius XM Radio, told foreign media outlet The Verge that the problem was 'resolved within 24 hours of the report being submitted' and that no subscriber or other data was leaked, and no account was changed illegally, using this method.

in Software, Web Service, Ride, Security, Posted by log1h_ik