Security flaws in three specialist car alarms
have left vehicles vulnerable to being stolen or hijacked, say researchers.
The bugs were found in alarm apps by Clifford,
Viper, and Pandora. The alarms are on three million vehicles.
The security researchers exploited the bugs to
activate car alarms, unlock a vehicle's doors and start the engine via an
insecure app.
The expose has prompted the firms to upgrade
security to remove the flaws.
Alarms 'unhackable'
An organization focused on two well-known
firms that produce alarms that can be accessed and controlled via smartphone
apps - Pandora and Clifford (known in the US as Viper).
The research found that Pandora, which had
advertised its system as "unhackable", allowed a user to reset
account passwords for any account.
Pandora now no longer makes the claim that its
system is unhackable.
The password flaw allowed researchers
significant access to the app. They could:
§ to take control of the
smart alarm remote access app
§ track any vehicle in
real time
§ remotely activate the
alarm
§ open the door locks
§ start a vehicle's
engine
https://www.bbc.com/news/technology-47485731
0 Comments