Ethical Hacker Finds Out SiriusXM Can Unlock and Start Cars, Got There Ahead of Bad Guys

There is no question that the more we rely on being connected, the more vulnerable we are to those without a conscience who wish to do us harm. But there is a bright side.
That is the precise reason there is a burgeoning need for ethical hackers, or 'white hat hackers' as they are known. These are the folks who work to identify security vulnerabilities in banking systems, online stores, and other services before the unethical hackers beat the system and take whatever it is they want.

One such white hat hacker is Sam Curry, who works as a security engineer at Yuga Labs. His most recent Tweet details how hackers could infiltrate SiriusXM's Connected Vehicle Services platform. It turns out that SiriusXM is not just a music subscription service; it also provides remote services for many automobile manufacturers.

Curry was able to execute remote commands to unlock, start, locate, and honk the horn of a car simply by using the VIN of cars made by Honda, Nissan, Acura, and Infiniti. He also implied the hack would work on cars from other manufacturers that use the SiriusXM platform for remote services.

The fact that Curry discovered the hack on the good side of the law is certainly a splendid thing, but it does raise additional alarm about the risks of connectivity.

For its part, SiriusXM offered this statement: “We take the security of our customers’ accounts seriously and participate in a bug bounty program to help identify and correct potential security flaws impacting our platforms. As part of this work, a security researcher submitted a report to Sirius XM's Connected Vehicle Services on an authorization flaw impacting a specific telematics program.

“The issue was resolved within 24 hours after the report was submitted. At no point was any subscriber or other data compromised nor was any unauthorized account modified using this method.”

