Flaw In Hyundai Mobile App Allowed For Car Theft For Three Months Before Being Fixed

Reuters is running a story that details a security flaw in Hyundai’s mobile app that allows a car to be started remotely. That in turn made vehicles susceptible to theft by high-tech thieves for three months before the company fixed the bug in March:

Hyundai introduced a flaw in a Dec. 8 update to the mobile app for its Blue Link connected car software that made it possible for car thieves to locate vulnerable vehicles, unlock and start them, said Tod Beardsley, research director with cyber security firm Rapid7 Inc.

Hyundai confirmed the bug’s existence and said it moved quickly to fix the problem.

Both the company and Beardsley said they knew of no cases of car thieves exploiting the vulnerability before Hyundai pushed out a fix to Android and iPhone users in early March.

“The issue did not have a direct impact on vehicle safety,” said Jim Trainor, a spokesman for Hyundai Motor America. “Hyundai is not aware of any customers being impacted by this potential vulnerability.”

It’s the potential for stuff like this that made my wife and me decide to avoid any vehicle with Internet connectivity when we were shopping for a new vehicle. Because when you connect anything to the Internet, a light switch, a TV or a car, the possibility of said device being pwned by hackers exists. The scary thing is, this report isn’t that bad in the grand scheme of things. As evidence, I will present to you the Jeep hack, in which hackers, as a proof of concept, took complete control of the vehicle remotely via the Internet-connected infotainment system. Steering, brakes, everything. That led to a recall to fix the issue.

One other thing. The fact that it took three months to fix this is problematic. With security issues, the turnaround has to be quick to protect users. The thing is that Hyundai is a car company and not a security company. Thus, this is new to them and I am willing to cut them some degree of slack. And what I just said can be applied to any car company not named Tesla, which has this process nailed down. All of them need to raise their game and think and act like software companies. Otherwise something catastrophic is going to happen to them and their customers.

UPDATE: A reader asked me if this affects Canadians. It does not, as Blue Link is currently only available in the United States.
