{"id":25955,"date":"2019-03-08T15:35:12","date_gmt":"2019-03-08T15:35:12","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/29913\/Security-Holes-Found-In-Big-Brand-Car-Alarms.html"},"modified":"2019-03-08T15:35:12","modified_gmt":"2019-03-08T15:35:12","slug":"security-holes-found-in-big-brand-car-alarms","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/security-holes-found-in-big-brand-car-alarms\/","title":{"rendered":"Security Holes Found In Big Brand Car Alarms"},"content":{"rendered":"
\n
<\/p>\n

Media playback is unsupported on your device<\/p>\n<\/p><\/div>

Media caption<\/span>WATCH: Security holes found in third-party smart car alarms<\/figcaption><\/figure>\n

Security flaws in three specialist car alarms have left vehicles vulnerable to being stolen or hijacked, say researchers.<\/p>\n

The bugs were found in alarm apps by Clifford, Viper, and Pandora. The alarms are on three million vehicles.<\/p>\n

The security researchers exploited the bugs to activate car alarms, unlock a vehicle’s doors and start the engine via an insecure app. <\/p>\n

The expose has prompted the firms to upgrade security to remove the flaws.<\/p>\n

Alarms ‘unhackable’<\/h2>\n

The research was carried out for the BBC’s Click technology programme by security consultants Pen Test Partners, which has a long track record of uncovering software flaws. <\/p>\n

The firm focussed on two well-known firms that produce alarms that can be accessed and controlled via smartphone apps – Pandora and Clifford (known in the US as Viper). <\/p>\n

The research found that Pandora, which had advertised its system as “unhackable”, allowed a user to reset account passwords for any account. <\/p>\n

Pandora now no longer makes the claim that its system is unhackable.<\/p>\n

The password flaw allowed researchers significant access to the app. They could:<\/p>\n