New Bug in Smart Car System Been Hacked and Demonstrated: Unhackable Got Hacked
International Security Researches have found bugs and vulnerabilities in very famous car alarm systems that pose risk for 5 million Cars user all over the world.
Vulnerable Alarm Systems affected by these attacks are :
Above alarming systems which are been used in cars are vulnerable to attacks. Attackers could do these things:
- Unlock Car
- See Real-time location of the user
- Switching off Car Engine while driving
- Disabling Car Alarming System
- Take ownership of the car driving.
Where was the bug?
- In viper ‘modify user’ API parameter was having issues.
- Pandora was having issues the IDOR on POST request caused an issue.(Attacker were able to reset their email password with post request thus gaining access to the application functions of the car)
Finally Both the Vulnerabilities and Bugs are been Patched by the Vendor after sucessfull Disclosure of the bug to vendor by security experts.