Security Issue in the Vehicle Telematics Service Allows Anyone to Remotely Operate Cars: Finding by a Team of Cyber Security Researchers
Having a car that can be operated remotely is probably a premium feature in many popular cars. But what if someone else could operate your vehicle easily from anywhere?
A group of cyber security researchers recently found an issue in the vehicle telematics service of most cars which can allow anyone to remotely control your car’s horn, locks, headlights, boot, and engine. Here’s what they found out.
The Cyber Security Issue Affecting Cars from Hyundai and Genesis
Sam Curry, a Cyber Security Researcher along with his team were able to find out that cars from Hyundai and Genesis have an issue with their vehicles’ telematics service which allowed them to execute all kinds of functions on their car remotely.
The mobile app of both the Hyundai and Genesis allowed the authenticated users to perform functions like start, stop, lock and unlock their vehicles. The first thing the researchers did was to evaluate the app using the Burp Suite application security software.
On further research, the team was able to find out that the app server didn’t require its users to confirm their email addresses. By adding a CRLF character at the end of the email address, they were able to bypass the app server.
By sending an HTTP request they were also able to get a list of vehicles connected to the account. It returned the vehicle identification number (VIN) which allowed them access to perform actions on the vehicle.
With their tampered JSON Web Token(JWT), the researchers were able to take full control over the accounts and vehicles of all the remotely operated Hyundai and Genesis vehicles.
Compiling all the necessary requests to perform the action, the researchers also made a python script that only required the email address to perform the action.
The team informed Hyundai about the issue in their vehicles’ telematics service and was able to work with them to fix the issue.
More Car Hacking on Cars from Honda, Nissan, Infiniti, and Acura
The team of researchers was also able to remotely operate vehicles from Honda, Nissan, Infiniti, and Acura with just their VIN.
On researching the team found out that SiriusXM offered telematic services to a number of car brands which included Acura, BMW, Honda, Hyundai, Infiniti, Jaguar, Land Rover, Lexus, Nissan, Subaru, and Toyota.
The first step the team took was to search for all the domains owned by SiriusXM and was able to find a domain called telematics.net which handled the service for enrolling vehicles to SiriusXM’s remote management functionality.
There were a lot of references to the NissanConnect app and the team started working on it.
By altering the vehicle identification number (VIN) as the customer ID they were able to collect information which included the owner’s name, phone number, address, and all the other necessary car details. This allowed them to easily execute commands on the car.
With just the vehicle identification number (VIN) on the windshield of the car, a person can access the car’s remote features and perform various operations.
The team also performed the same operations on Honda, Infiniti, and Acura vehicles and were able to access its remote features.
The team informed SiriusXM about the issue and was able to fix it immediately.