Skip to main content

MyCar App Makes it Dangerously Easy for Hackers to Locate, Control Connected Cars Remotely

posted onApril 11, 2019
by l33tdawg
The Drive
Credit: The Drive

A backdoor discovered in MyCar, a smartphone app that awards old vehicles some degree of connected-car tech and capabilities, has recently been unearthed. The vulnerability, which was recently patched, enabled attackers to read telemetrics and even send commands to an unsuspecting vehicle without needing the owner's credentials.

MyCar was found to have been published with administrator credentials hard-coded into the software. This particular vulnerability, if exploited, could allow bad actors access to a particular user's account without their consent or even knowing the credentials for their vehicle. Once access is gained, the attacker could unlock the vehicle, start the engine, change the vehicle's HVAC controls, or even find the vehicle's current location.

According to sources, the application's developer, AutoMobility Distribution, had been made aware of the vulnerability as early as January and had been working to remedy the issue. It's unclear if the exploit had been used in the wild before being patched.

Source

Tags

Security

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th