Skip to main content

Black Listed News
Trending Articles:
Trending Articles:

'Smart' Car Alarm App Could Allow 3 Million Cars To Be Unlocked Remotely - Slashdot

Published: March 10, 2019
Share | Print This

Source: slashdot

"Two popular smart alarm systems for cars had major security flaws that allowed potential hackers to track the vehicles, unlock their doors and, in some cases, cut off the engine," reports CNET:

The vulnerabilities could be exploited with two simple steps, security researchers from Pen Test Partners, who discovered the flaw, said Friday. The problems were found in alarm systems made by Viper [known as Clifford in the U.K.] and Pandora Car Alarm System, two of the largest smart car alarm makers in the world. The two brands have as many as 3 million customers between them and make high-end devices that can cost thousands...

Both apps' API didn't properly authenticate for update requests, including requests to change the password or email address. Ken Munro, founder of Pen Test Partners, said that all his team needed to do was send the request to a specific host URL and they were able to change an account's password and email address without notifying the victim that anything happened. Once they had access to the account, the researchers had full control of the smart car alarm. This allowed them to learn where a car was and unlock it. You don't have to be near the car to do this, and the accounts can be taken over remotely, Munro said. Potential attackers could also use the apps' API to target specific types of cars, the security researcher added...

Pandora's alarm system also contained a microphone that would've allowed potential hackers to listen in on live audio, the security company found.

Both companies fixed the issue in less than a week, CNET reports, possibly due to the seriousness of the issue. In a video demonstrating the severity of the bug, security researcher Munro even uses the driver's app to set off a car's alarms remotely. When that driver began pulling over, Munro then used the app to cut off the car's engine. "So simple, so serious," he said.

ZDNet notes that one of the companies had been advertising their "smart" alarms as "unhackable".

Share This Article...

Image result for patreon

Emigrate While You Still Can!


Image result for patreon


Ad Blocking software disables some of the functionality of our website, including our comments section for some browsers.

Login with patreon to gain access to perks!


Enter your email address:

More Blacklisted News...

Blacklisted Radio
Blacklisted Nation
On Patreon
On Gab
On Twitter
On Reddit
On Facebook
Blacklisted Radio:
Republic Broadcasting
Podcasts on Youtube
Podcasts on Demand
On Iheart Radio
On Spreaker
On Stitcher
On iTunes
On Tunein

Our IP Address:

Garden office


Advertise Here...

BlackListed News 2006-2019
Privacy Policy
D.M.C.A. - Fair Use