"Researchers Used a Sirius XM Bug to Easily Hijack a Bunch of Different Cars"

Security researchers have discovered a relatively simple way to take control of Hondas, Nissans, Infinitis, and Acuras through their infotainment systems. According to new research, several major automakers were affected by a previously unknown security flaw that would have allowed a hacker to hijack vehicles and steal user data. The bug was found in the Sirius XM telematics infrastructure and would have allowed a hacker to remotely locate a vehicle, unlock and start it, flash the lights, honk the horn, open the trunk, and access sensitive customer information such as the owner's name, phone number, address, and more. While looking for issues involving major car manufacturers, a group of security researchers uncovered the bug. One of the researchers said he and his friends were curious about the types of problems that could emerge if they examined providers of "telematic services" for carmakers. Most modern automobiles are web-connected computers on wheels. Vehicle data inflows and outflows enable cars to be more convenient and customizable, but they also make them more vulnerable to cyberattacks and remote hijacking. In addition, since car manufacturers have been known to sell vehicle data to surveillance vendors, the telematics industry is also a major privacy risk. The researchers discovered an authentication loophole inside infrastructure provided by the radio giant Sirius XM after exploring code related to various car apps. Sirius XM is found in most car infotainment systems and provides telematic services to most automakers. According to the researchers, Sirius XM is bundled with the vehicle's infotainment system, which can perform actions on the vehicle and communicate with the Sirius XM Application Programming Interface (API) via satellite to the Internet. This means that individual vehicles are sending and receiving data and commands from Sirius XM, and that information can be intercepted under the right conditions. This article continues to discuss the Sirius XM bug that can allow malicious actors to easily hijack different cars.

Gizmodo reports "Researchers Used a Sirius XM Bug to Easily Hijack a Bunch of Different Cars"