Hyundai’s Smartphone App’s Flaw could let Hackers Locate and Take Control of Your Car

Security flaws in smartphone isn’t a new thing but a recent discovery by researchers reveals that exploitation of such mistakes can be costly if hackers accidentally learn about the flaws. In a recent disclosure, researchers have noted that several bugs were uncovered in Hyundai Motor America’s Blue Link Application which could allow hackers to remotely start the engine, set timers, temperatures, lock the car.

In a blog post, Rapid7 expert revealed that the app was storing key user data in clear-text and used hard-coded decryption passwords. In addition to this, the affection versions of the Blue Link application were actually uploading logs to a static IP address on Port 8080. As a result, if the log is decoded,  it could give away all the information of users.

Talking about the exploitation, the firm said, “It would be difficult-to-impossible to conduct this attack at scale, since an attacker would typically need to first subvert physically local networks, or gain a privileged position on the network path from the app user to the vendor’s service instance.”

However, good news is that the automaker was notified about the incident as they said, “Hyundai Motor America was made aware of a vulnerability in the Hyundai Blue Link mobile application by researchers at Rapid7.”

“Upon learning of this vulnerability, HMA launched an investigation to validate the research and took immediate steps to further secure the application. HMA is not aware of any customers being impacted by this potential vulnerability.”

“The security of our customers is of the utmost importance to Hyundai. HMA continuously seeks to improve its mobile application and system security. As a member of the Automotive Information Sharing Analysis Centre, HMA values security information sharing.”

However, this isn’t the first time an automaker has been proven to be vulnerable to hackers as back in 2015m Fiat was forced to recall more than 1 million vehicles after its Cherokee range could be hacker.

Featured Image: Wikimedia Commons

Related Articles