Here's how to remotely take over a Ferrari...account, that is

2023-01-07 09:01

Multiple bugs affecting millions of vehicles from almost all major car brands could allow miscreants to perform any manner of mischief - in some cases including full takeovers - by exploiting vulnerabilities in the vehicles' telematic systems, automotive APIs and supporting infrastructure, according to security researchers.

The research builds on Yuga Labs' Sam Curry's earlier car hacking expeditions that uncovered flaws affecting Hyundai and Genesis vehicles, as well as Hondas, Nissans, Infinitis and Acuras via an authorization flaw in Sirius XM's Connected Vehicle Services.

The most serious bugs, at least from a public safety perspective, were found in Spireon, which owns several GPS vehicle tracking and fleet management brands including OnStar, GoldStar, LoJack, FleetLocate, and NSpire spanning 15 million connected vehicles.

Curry and friends also discovered vulnerabilities affecting Porsche's telematics service that allowed them to remotely retrieve vehicle location and send vehicle commands.

Toyota Motor Credit told The Register that it fixed the issue, and noted "This had no connection to Toyota vehicles or how they operate."

A Porsche spokesperson told The Register "The safety and protection of the car software in our vehicles is always a top priority for Porsche."

News URL

https://go.theregister.com/feed/www.theregister.com/2023/01/07/car_hacking_ferrari_account/