{"id":49522,"date":"2022-11-30T23:30:11","date_gmt":"2022-11-30T23:30:11","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/sirius-xm-flaw-unlocks-so-called-smart-cars-thanks-to-code-flaw\/"},"modified":"2022-11-30T23:30:11","modified_gmt":"2022-11-30T23:30:11","slug":"sirius-xm-flaw-unlocks-so-called-smart-cars-thanks-to-code-flaw","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/sirius-xm-flaw-unlocks-so-called-smart-cars-thanks-to-code-flaw\/","title":{"rendered":"Sirius XM flaw unlocks so-called smart cars thanks to code flaw"},"content":{"rendered":"

Sirius XM’s Connected Vehicle Services has fixed an authorization flaw that would have allowed an attacker to remotely unlock doors and start engines on connected cars knowing only the vehicle identification number (VIN).<\/p>\n

Yuga Labs’ Sam Curry detailed the exploit in a series of tweets<\/a>, and confirmed that the patch issued by SiriusXM fixed the security issue.<\/p>\n

When asked about the bug, which affected Honda, Nissan, Infiniti, and Acura vehicles, a Sirius XM Connected Vehicle Services spokesperson emailed The Register<\/em> the following statement:<\/p>\n

Curry and other bug hunters found several vulnerabilities affecting different car companies earlier this year, which prompted<\/a> the researchers to ask “who exactly was providing the auto manufacturers telematic services” for the different automakers.<\/p>\n

The answer was Sirius XM, which handles connected vehicle services<\/a> to Acura, BMW, Honda, Hyundai, Infiniti, Jaguar, Land Rover, Lexus, Nissan, Subaru, and Toyota.<\/p>\n