There are always pros and cons to everything, even advanced technologies have two sides to their usage. One that helps in achieving extreme possibilities and the other that gives numerous threats to deal with. To prove this, recently, two popular car alarm systems compromised the safety of at least 3 million vehicles. Researchers were able to remotely monitor, hijack, and take control of vehicles installed with alarms.
Researchers at the Pen Test Partners, a U.K. cyber-security company, stated that car security systems were vulnerable to a simply manipulated server-side API. California-based Viper and Russian alarm maker Pandora built these systems.
Manipulating Data in Alarm Systems to Increase Concerns
Researchers carried out a representative hack by tracking car in real-time and geo-located a target vehicle. Further, they followed it, remotely killed the engine, and forcefully stopped the car. Moreover, they were also capable of identifying some car models, which made hijack of high-end vehicles much easier.
In addition, researchers could listen through in-car microphones used for making calls to the emergency services. One of the concerning aspects is that the alarm system can be tricked into resetting the account password. This is because the API failed to check if it was an authorized request that allowed the researchers to log in.
After the findings to this study, researchers immediately contacted Viper and Pandora describing the severity of the vulnerabilities. They proposed a seven-day disclosure period and the companies responded to fix the flaws at the earliest.
However, safety of consumer data and permission were mandatory for the experiment. In addition, there are no substantial grounds from where these analyses came from. Even in a mail by Antony Noto from Pandora questioned several findings of the researchers. Researchers avoided hacking remotes or cloning tags. However, there might be a glitch that allowed temporary access to the device for a shorter time.