Connected vehicles are becoming more and more popular with drivers all over the world. However, a recent vulnerability in the SiriusXM connected vehicle services has exposed cars from Honda, Nissan, Infiniti, and Acura to remote attacks. Just by knowing the vehicle’s vehicle identification number (VIN), attackers can retrieve a victim’s personal details as well as execute commands on their car. Let’s take a closer look at this vulnerability and what is being done to fix it.
The vulnerability was discovered by security researchers from Security Research Labs (SRL) and affects SiriusXM’s Connected Vehicles (CV) Services, which are said to be used by more than 10 million vehicles in North America. The researchers found that an attacker could simply send a specially crafted HTTP request containing the VIN number to a SiriusXM endpoint (“telematics.net”) and gain access to sensitive information about the car and its owner, such as make/model, location tracking data, odometer readings, and even remotely open/lock doors or start/stop engines.
Fortunately, both SiriusXM and Hyundai have since rolled out patches to address these flaws; however, there is no guarantee that other automakers have done the same or plan on doing so in the near future. Additionally, not every customer will receive these patches as many older cars do not have access to automatic updates via cellular networks or via USB sticks like newer models do. This puts millions of drivers who own older cars at risk of having their data compromised or their cars hacked into remotely.
Connected vehicles are becoming increasingly popular but they come with certain risks attached. The recent discovery of vulnerabilities in SiriusXM’s Connected Vehicle services shows just how vulnerable our data and our cars can be if proper security measures are not taken. Thankfully both SiriusXM and Hyundai have taken steps to patch up these vulnerabilities but there is still much work left to be done in order for drivers all over the world to feel safe when driving their connected vehicles. It is now up to individual automakers to ensure that their customers’ safety comes first by rolling out security updates regularly for all their models – both new and old ones alike!