
Hyundai mobile app exposed cars to high-tech thieves — researchers


(Reuters) — Software vulnerabilities in a Hyundai Corp. app that lets a car be started remotely made the company's vehicles susceptible to theft from high-tech thieves for three months before the company fixed the bug in March, a cyber security firm said on Tuesday.

Hyundai introduced a flaw in a Dec. 8 update to the mobile app for its Blue Link connected car software that made it possible for car thieves to locate vulnerable vehicles, unlock and start them, said Tod Beardsley, research director with cyber security firm Rapid7 Inc.

Hyundai confirmed the bug's existence and said it moved quickly to fix the problem.

Both the company and Mr. Beardsley said they knew of no cases of car thieves exploiting the vulnerability before Hyundai pushed out a fix to Android and iPhone users in early March.

"The issue did not have a direct impact on vehicle safety," said Jim Trainor, a spokesman for Hyundai Motor America. "Hyundai is not aware of any customers being impacted by this potential vulnerability."

The bug surfaced as the auto industry bolsters efforts to secure vehicles from cyber attacks, following a high-profile recall of Fiat Chrysler vehicles in 2015 and government warnings about the potential for car hacks. Risks have multiplied in recent years as cars have grown more complex, adding features like mobile apps that can locate, unlock and start them.

"What's changed is not just the presence of all that hackable software, but the volume and variety of remote attack surfaces added to more recent vehicles," said Josh Corman, director of the Atlantic Council's Cyber Statecraft Initiative.

Fiat Chrysler recalled 1.4 million U.S. vehicles after two security researchers demonstrated that they could gain remote control of a Jeep traveling at high speeds.

The Blue Link bug is not as frightening as the ones uncovered in the Fiat Chrysler vehicles. Moving vehicles are not vulnerable to attacks using the Blue Link app, and a hacker would have to be near the target vehicle of an owner using the mobile app via an insecure WiFi connection, Mr. Beardsley said.

General Motors Co. patched a similar bug in its OnStar vehicle communication system in 2015 that had the potential to let hackers break into cars.

 

 

 
