A cyber security firm said that before Hyundai Motor Co fixed the bug in March, the company's vehicles susceptible to theft from high-tech thieves for three months due to software vulnerabilities in a Hyundai app that lets a car be started remotely.
Tod Beardsley, research director with cyber security firm Rapid7 Inc said that car thieves were mad able to locate vulnerable vehicles, unlock and start the vehicles after Hyundai introduced a flaw in a December 8, 2016 update to the mobile app for its Blue Link connected car software.
Hyundai said it moved quickly to fix the problem and confirmed the bug's existence.
Recently, an advisory about the vulnerability was issued by the U.S. Deparment of Homeland Security.
"No known public exploits specifically target these vulnerabilities," the advisory read. "High skill level is needed to exploit."
before Hyundai pushed out the fix to Android and iPhone users in early March, they did not know of any cases of car thieves exploiting the vulnerability, both the company and Beardsley said.
"The issue did not have a direct impact on vehicle safety," said Jim Trainor, a spokesman for Hyundai Motor America. "Hyundai is not aware of any customers being impacted by this potential vulnerability."
following a high-profile recall of Fiat Chrysler vehicles in 2015 and government warnings about the potential for car hacks, the auto industry has bolstered its efforts to secure vehicles from cyber attacks and this bug surfaced even as the auto industry made such efforts.
Due to addition of features like mobile apps that can locate, unlock and start them, the vehicles have grown more complex which has resulted in the risks of thefts getting multiplied in recent years.
"What's changed is not just the presence of all that hackable software, but the volume and variety of remote attack surfaces added to more recent vehicles," said Josh Corman, director of the Atlantic Council's Cyber Statecraft Initiative.
After two security researchers demonstrated that they could get remote control of a Jeep traveling at high speeds, Fiat Chrysler recalled 1.4 million U.S. vehicles in 2015.
Compared to the ones that were uncovered in the Fiat Chrysler vehicles, the Blue Link bug is not as frightening. Beardsley said that a hacker would have to be near the owner of a targeted vehicle who is using the mobile app via an insecure WiFi connection and moving vehicles are not vulnerable to attacks using the Blue Link app.
General Motors Co patched a similar bug in its OnStar vehicle communication system in 2015 that had the potential to let hackers break
(Source:www.reuters.com)
Tod Beardsley, research director with cyber security firm Rapid7 Inc said that car thieves were mad able to locate vulnerable vehicles, unlock and start the vehicles after Hyundai introduced a flaw in a December 8, 2016 update to the mobile app for its Blue Link connected car software.
Hyundai said it moved quickly to fix the problem and confirmed the bug's existence.
Recently, an advisory about the vulnerability was issued by the U.S. Deparment of Homeland Security.
"No known public exploits specifically target these vulnerabilities," the advisory read. "High skill level is needed to exploit."
before Hyundai pushed out the fix to Android and iPhone users in early March, they did not know of any cases of car thieves exploiting the vulnerability, both the company and Beardsley said.
"The issue did not have a direct impact on vehicle safety," said Jim Trainor, a spokesman for Hyundai Motor America. "Hyundai is not aware of any customers being impacted by this potential vulnerability."
following a high-profile recall of Fiat Chrysler vehicles in 2015 and government warnings about the potential for car hacks, the auto industry has bolstered its efforts to secure vehicles from cyber attacks and this bug surfaced even as the auto industry made such efforts.
Due to addition of features like mobile apps that can locate, unlock and start them, the vehicles have grown more complex which has resulted in the risks of thefts getting multiplied in recent years.
"What's changed is not just the presence of all that hackable software, but the volume and variety of remote attack surfaces added to more recent vehicles," said Josh Corman, director of the Atlantic Council's Cyber Statecraft Initiative.
After two security researchers demonstrated that they could get remote control of a Jeep traveling at high speeds, Fiat Chrysler recalled 1.4 million U.S. vehicles in 2015.
Compared to the ones that were uncovered in the Fiat Chrysler vehicles, the Blue Link bug is not as frightening. Beardsley said that a hacker would have to be near the owner of a targeted vehicle who is using the mobile app via an insecure WiFi connection and moving vehicles are not vulnerable to attacks using the Blue Link app.
General Motors Co patched a similar bug in its OnStar vehicle communication system in 2015 that had the potential to let hackers break
(Source:www.reuters.com)
Homepage
Send to a friend
Printable version
Share
