Security News > 2022 > December > Hyundai app bugs allowed hackers to remotely unlock, start cars
Vulnerabilities in mobile apps exposed Hyundai and Genesis car models after 2012 to remote attacks that allowed unlocking and even starting the vehicles.
Security researchers at Yuga Labs found the issues and explored similar attack surfaces in the SiriusXM "Smart vehicle" platform used in cars from other makers that allowed them to "Remotely unlock, start, locate, flash, and honk" them.
The mobile apps of Hyundai and Genesis, named MyHyundai and MyGenesis, allow authenticated users to start, stop, lock, and unlock their vehicles.
To verify that they could use this access for an attack on the car, they tried to unlock a Hyundai car used for the research.
SiriusXM is, among other things, a vehicle telematics service provider used by more than 15 car manufacturers The vendor claims to operate 12 million connected cars that run over 50 services under a unified platform.
In addition to information disclosure, the requests can also carry commands to execute actions on the cars.