Posted on March 12, 2019 at 4:21 PM
Smart cars may not be the next best thing in safety as many of them are vulnerable to the antics of hackers.
Recently, the discussion has been about smart and connected homes and how the tech behind them will improve our lives. Apart from smart homes, IoT technology has also led to the advent of smart cars. These cars are convenient, comfortable and allow users to unlock or start them remotely using their smartphones. However, no matter the good sides of smart cars, they are prone to hacking attacks. Since these connected cars make use of software to operate, they are vulnerable to cyber attacks.
Recently, two alarm systems used by the industry to power smart cars were tested to prove their security level. The result of the test was alarming because even the more trusted of the two systems was vulnerable. A company that claimed to offer an unshakable alarm could not hold its ground because the test proved the hype wrong.
Results of Tests on two connected car alarms
The results of the test carried out on two popular systems revealed many security flaws. Researchers discovered that the vulnerabilities in the systems could create room for hackers to manipulate smart cars. Hackers can unlock your smart car, track it, steal sensitive information or kill car engines on the motion.
According to the researchers from “Pen Test Partners” the car alarm systems with these vulnerabilities were “Pandora and Viper System” The alarming part is that the two brands are popular and has almost 3 million people using their car alarms. Also, these systems are a bit pricy because a customer normally pays an installation fee of $5,000 for a car.
The most interesting information was that Pandora stated boastfully that their security is not penetrable for hackers. We gathered that the statement led to testing out the security level of the alarm systems.
Security holes on the alarm systems
The API of the two of the car alarm systems had problems authentication issues on their smartphone apps. Due to this hole, a hacker can modify certain parameters and update the email address of a user without authentication. Afterward, he can reset a user’s password and hijack the account completely. Further, with the microphones which Pandora install in their alarm systems, hackers can listen to car owner’s conversations.
What’s the next step towards solutions?
According to Pen Test Partners, Both brands received the information that their systems have security flaws in February. Owing to the dangers facing their 3 million customers, the companies shortened their disclosure period to one week. Both Pandora and Viper reacted quickly by fixing the flaws during that period. Now, customers can rest their minds if they take some necessary measures.
So, if you are a customer using their alarm systems, you must update both your firmware and app immediately. Also, change your app’s default password to tighten the security. Don’t forget, always use unique and strong credentials that hackers will not guess easily. A combination of uppercase, numbers, and characters may give you an impenetrable password. Note unique means that you should avoid using the same password for two services. It might expose your app to attacks.
Finally, make use of the two-factor authentication services if you can and update your app regularly.