Here’s how to remotely take over a Ferrari…account, that is

Multiple bugs affecting millions of vehicles from almost all major car brands could allow miscreants to perform any manner of mischief — in some cases including full takeovers — by exploiting vulnerabilities in the vehicles’ telematic systems, automotive APIs and supporting infrastructure, according to security researchers.

Specifically, the vulnerabilities affect Mercedes-Benz, BMW, Rolls-Royce, Ferrari, Ford, Porsche, Toyota, Jaguar and Land Rover, plus fleet management company Spireon and digital license plate company Reviver.

The research builds on Yuga Labs’ Sam Curry’s earlier car hacking expeditions that uncovered flaws affecting Hyundai and Genesis vehicles, as well as Hondas, Nissans, Infinitis and Acuras via an authorization flaw in Sirius XM’s Connected Vehicle Services.

All of the bugs have since been fixed.

“The affected companies all fixed the issues within one or two days of reporting,” Curry told The Register. “We worked with all of them to validate them and make sure there weren’t any bypasses.”

The most serious bugs, at least from a public safety perspective, were found in Spireon, which owns several GPS vehicle tracking and fleet management brands including OnStar, GoldStar, LoJack, FleetLocate, and NSpire spanning 15 million connected vehicles.

Spireon, it turns out, would have been a treasure trove for miscreants. Curry and the team discovered multiple vulnerabilities, including SQL injection and authorization bypass, that allowed them to perform remote code execution across all of Spireon and fully take over any fleet vehicle.

“This would’ve allowed us to track and shut off starters for police, ambulances, and
