The pen is mightier than the car alarm

Subject: General Tech | March 8, 2019 - 12:57 PM |
Tagged: security, hack, automotive, car alarm

Another week goes by and another half dozen vulnerabilities have been announced, as has sadly become tradition.  If you prefer to jump directly to the Chrome and Win7 ones below feel free, but this particular vulnerability Hackaday describes is a bit different from the norm.  It seems popular car alarm systems from Viper/Clifford and Pandora can be used quite effectively as carjacking tools. 

They both had poorly implemented security protocols which made it fairly trivial to change any users password so you could gain access to the account.  That access allows you to locate the car via GPS, listen to what is going on if the car has a microphone open or lock the doors and even start and stop the engine, as well as triggering the alarm.  This is as they say, a bad thing, and thankfully it was effectively patched once reported to the companies involved.

PEN-TEST-PARTNES-LOGO-04012018.png

"As ethics demand, the group notified the vendors and supposedly the holes have been plugged. Sometimes you hear about a hack that requires some very exotic work, but these were trivially simple. It is unknown if anyone ever used these hacks in a bad way, but it was certainly a real possibility."

Here is some more Tech News from around the web:

Tech Talk

Source: Hackaday