Breaking News

JCB Phone Launches New Rugged Smartphone Range to Power Global Expansion Sharkoon announces SKILLER SGK50 Wood Series TAMRON announces Ultra Wide-Angle 16-30mm F2.8 G2 Zoom Lens New Lexar ES5 Magnetic Portable SSD is A Game-Changer for Creators On-the-Go COLORFUL Launches iGame GeForce RTX 5050 Series Graphics Cards

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Smart Car Alarm Systems Could Be Easily Hacked

Smart Car Alarm Systems Could Be Easily Hacked

Enterprise & IT Mar 8,2019 0

Two of the largest aftermarket alarm systems were found to have critical security flaws that put three million vehicles globally at risk of being hijacked, research by Pen Test Partners reveals.

The research firm tested products from car alarm vendors Viper (branded ‘Clifford’ in the UK) and Pandora. These represent two of the largest car alarm brands globally.

They found that those alarms can expose you to hijack, may allow your engine to be stopped whilst driving and it may even be possible to steal vehicles as a result.

The security flaws allowed:

  • The car to be geo-located in real time
  • The car type and owner’s details to be identified
  • The alarm to be disabled
  • The car to be unlocked
  • The immobiliser to be enabled and disabled
  • In some cases, the car engine could be ‘killed’ whilst it was driving
  • One alarm brand allowed drivers to be ‘snooped’ on through a microphone
  • Depending on the alarm, it may also be possible to steal vehicles

The flaws affected alarm systems that enable control of connected cars via associated smartphone apps. The vulnerabilities are relatively straightforward insecure direct object references (IDORs) in the API. The researchers found that both apps’ APIs failed to properly authenticate some requests, notably requests to change the password or email address. This paved the way for a full-on account takeover.

"Simply by tampering with parameters, one can update the email address registered to the account without authentication, send a password reset to the modified address (i.e. the attacker’s) and take over the account," thr researcher said.

They also found that it is possible to geo-locate and follow a specific vehicle, then cause it to stop and unlock the doors.

Additionally, the researchers said that anyone could simply set up a test account to compromise a genuine account. “Both products allow anyone to create a test/demo account. With that demo account it’s possible to access any genuine account and retrieve their details,” according to Pen Test Partners, who called the flaws “easy to find, easy to fix”.

The two companies acknowledged the bugs and patched them within days of receiving the alerts.

Tags: SecurityHacking
Previous Post
Warren’s Smart Tech Plan Includes Breaking up of Google, Facebook and Amazon
Next Post
Google Assistant For Smart Displays Now Supports Continued Conversations

Related Posts

  • MSI has been hacked, be warned about where you download files

  • Hackers gain access to PS5 Debug Menu and show decrypted PS5 firmware files

  • HP Threat Research Shows Attackers Exploiting Zero‐Day Vulnerability Before Enterprises Can Patch

  • EA Gets hacked - 780GB of data and sourcecode stolen

  • Samsung Develops New Security Chip For Mobile Devices

  • European Supercomputers Researching Covid-19 Report Hacking Attacks

  • Samsung Says Your Galaxy S20’s Secure Processor Protects it Against Hardware Attacks

  • SK Telecom and Samsung Unveil the First QRNG-Powered 5G Smartphone

Latest News

JCB Phone Launches New Rugged Smartphone Range to Power Global Expansion
Smartphones

JCB Phone Launches New Rugged Smartphone Range to Power Global Expansion

Sharkoon announces SKILLER SGK50 Wood Series
PC components

Sharkoon announces SKILLER SGK50 Wood Series

TAMRON announces Ultra Wide-Angle 16-30mm F2.8 G2 Zoom Lens
Cameras

TAMRON announces Ultra Wide-Angle 16-30mm F2.8 G2 Zoom Lens

New Lexar ES5 Magnetic Portable SSD is A Game-Changer for Creators On-the-Go
Smartphones

New Lexar ES5 Magnetic Portable SSD is A Game-Changer for Creators On-the-Go

COLORFUL Launches iGame GeForce RTX 5050 Series Graphics Cards
GPUs

COLORFUL Launches iGame GeForce RTX 5050 Series Graphics Cards

Popular Reviews

be quiet! Light Loop 360mm

be quiet! Light Loop 360mm

be quiet! Dark Mount Keyboard

be quiet! Dark Mount Keyboard

Arctic Liquid Freezer III 420 - 360

Arctic Liquid Freezer III 420 - 360

be quiet! Light Mount Keyboard

be quiet! Light Mount Keyboard

Soundpeats Pop Clip

Soundpeats Pop Clip

Noctua NH-D15 G2

Noctua NH-D15 G2

Crucial T705 2TB NVME White

Crucial T705 2TB NVME White

be quiet! Light Base 600 LX

be quiet! Light Base 600 LX

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed