A researcher uncovered critical vulnerabilities in a major automaker’s dealership platform that could allow remote hacking of vehicles and access to personal data. The findings underline systemic security risks in automotive dealership systems, prompting actions to address these flaws. #EatonZveare #Traceable #AutomakerSecurity #VehicleHacking #APIVulnerabilities
Key points
- A researcher identified vulnerabilities in a car dealership platform used by over 1,000 U.S. dealerships.
- By exploiting API flaws, the researcher created an admin account with full access to vehicle and customer data.
- The attack enabled remote vehicle tracking, unlocking, and engine start for cars from 2012 onward.
- Vulnerabilities also exposed personal, contractual, and financial information of customers and employees.
- The automaker addressed these issues after being notified, highlighting the need for improved security in the industry.