Investing.com - Financial Markets Worldwide
Get 40% Off
Get 40% Off
🚨 Volatile Markets? Find Hidden Gems for Serious Outperformance
Find Stocks Now

Hyundai mobile app exposed cars to high-tech thieves -researchers

Published 2017-04-25, 09:05 a/m
© Reuters. Hyundai mobile app exposed cars to high-tech thieves -researchers

By Alastair Sharp

TORONTO, April 25 (Reuters) - Software vulnerabilities in a Hyundai Corp 011760.KS app that lets a car be started remotely made the company's vehicles susceptible to theft from high-tech thieves for three months before the company fixed the bug in March, a cyber security firm said on Tuesday.

Hyundai introduced a flaw in a Dec. 8 update to the mobile app for its Blue Link connected car software that made it possible for car thieves to locate vulnerable vehicles, unlock and start them, said Tod Beardsley, research director with cyber security firm Rapid7 Inc RPD.O .

Hyundai confirmed the bug's existence and said it moved quickly to fix the problem.

Both the company and Beardsley said they knew of no cases of car thieves exploiting the vulnerability before Hyundai pushed out a fix to Android and iPhone users in early March.

"The issue did not have a direct impact on vehicle safety," said Jim Trainor, a spokesman for Hyundai Motor America. "Hyundai is not aware of any customers being impacted by this potential vulnerability."

The bug surfaced as the auto industry bolsters efforts to secure vehicles from cyber attacks, following a high-profile recall of Fiat Chrysler FCHA.MI vehicles in 2015 and government warnings about the potential for car hacks. Risks have multiplied in recent years as cars have grown more complex, adding features like mobile apps that can locate, unlock and start them.

"What's changed is not just the presence of all that hackable software, but the volume and variety of remote attack surfaces added to more recent vehicles," said Josh Corman, director of the Atlantic Council's Cyber Statecraft Initiative.

3rd party Ad. Not an offer or recommendation by Investing.com. See disclosure here or remove ads .

Fiat Chrysler recalled 1.4 million U.S. vehicles after two security researchers demonstrated that they could gain remote control of a Jeep traveling at high speeds.

The Blue Link bug is not as frightening as the ones uncovered in the Fiat Chrysler vehicles. Moving vehicles are not vulnerable to attacks using the Blue Link app, and a hacker would have to be near the target vehicle of an owner using the mobile app via an insecure WiFi connection, Beardsley said.

General Motors (NYSE:GM) Co's GM.N patched a similar bug in its OnStar vehicle communication system in 2015 that had the potential to let hackers break into cars.

Latest comments

Install Our App
Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.