UPDATED 22:57 EDT / MARCH 10 2019


Researchers find some smart car alarms can be easily hacked

So-called smart car alarms are supposed to make vehicles more difficult to steal, but newly published research has found that alarms made by two companies actually make stealing a car easier.

The research, released Friday, comes via Pen Test Partners, which studied a range of third-party smart car alarms for security vulnerabilities.

Smart car alarm models under the Viper brand, made by U.S. firm Directed Electronics Inc., and Pandora Car Alarms, made by a Russian company called Experimental Engineering Factory, were found to be easily hackable.

The vulnerabilities stem from the way systems from both companies use apps to communicate with the alarm system. Taking advantage of an unauthenticated application programming interface and an insecure direct object reference, the security researchers easily reset the password on the alarms, giving them full control.
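The class of flaw described above, sketched as an added example that is not code from either vendor or from the researchers: a password-reset handler that trusts a client-supplied account identifier, next to a version that authenticates the caller and checks ownership. The `Store` class, the function names, the session token format and the account numbers are all hypothetical and constructed for illustration.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field

class Forbidden(Exception):
    """Raised when a request fails the authentication or ownership check."""

@dataclass
class Store:  # hypothetical in-memory backend standing in for the alarm API's database
    accounts: dict = field(default_factory=dict)  # account_id -> (salt, digest)
    sessions: dict = field(default_factory=dict)  # session token -> account_id
    denied: list = field(default_factory=list)    # audit trail usable for detection

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def set_password(store, account_id, password):
    salt = os.urandom(16)
    store.accounts[account_id] = (salt, _digest(password, salt))

def check_password(store, account_id, password):
    salt, digest = store.accounts[account_id]
    return hmac.compare_digest(digest, _digest(password, salt))

def reset_vulnerable(store, token, account_id, new_password):
    # Flaw: the token is never validated and account_id is taken from the
    # request as-is, so any caller can change any account's password.
    set_password(store, account_id, new_password)

def reset_hardened(store, token, account_id, new_password):
    caller = store.sessions.get(token)
    if caller is None:  # the API must not be reachable unauthenticated
        store.denied.append(("unauthenticated", account_id))
        raise Forbidden("authentication required")
    if caller != account_id:  # object-level authorization: caller must own the target
        store.denied.append(("not_owner", caller, account_id))
        raise Forbidden("caller does not own this account")
    set_password(store, account_id, new_password)

def demo_store():
    # Constructed sample data: two accounts, one live session for account 1002.
    store = Store()
    set_password(store, 1001, "owner-original")
    set_password(store, 1002, "other-original")
    store.sessions["tok-1002"] = 1002
    return store
```

Entries accumulating in `denied` with `not_owner` for many different target accounts from one session are the server-side signal that someone is enumerating identifiers.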

In addition to allowing a potential hacker to steal a given vehicle by unlocking doors and disabling both the alarm and vehicle immobilizer, the access also allows the owner’s details to be stolen, the vehicle to be tracked and even microphones in the vehicle to be compromised.

Worse still, the access could be used to take control of a vehicle while it was being driven, meaning a hacker could cause a vehicle to come to a halt, potentially causing an accident.

Both companies have since moved to patch the security vulnerabilities, but drivers who do not update the software behind the smart car alarms are still vulnerable.

Jason Haddix, vice president of researcher growth at the crowdsourced security platform Bugcrowd Inc., told SiliconANGLE that auto vulnerabilities bring cybersecurity into the daily lives of every consumer.

“Connected devices, such as smart alarms in cars, collect a great deal of information about the people that use them, giving attackers a view into when you leave for work, where you are and when you arrive home,” Haddix said. “And we’re still at the beginning of the adoption curve.”

Noting that Pandora claims that its alarms are impossible to hack, Haddix added that “everything is hackable, and organizations must take proactive security measures to identify and patch their vulnerabilities before they are exploited by the bad guys.”

Photo: comedynose/Flickr
