A security researcher uncovered critical vulnerabilities in an automaker’s online dealership portal, exposing sensitive customer and vehicle data. The flaws could have allowed hackers to remotely access vehicles, manipulate customer accounts, and impersonate users. #AutomakerCybersecurity #DealershipPortal
Keypoints
- The vulnerabilities in the dealership portal could have enabled remote vehicle control and data breaches.
- The security flaw involved creating an admin account that granted unrestricted access.
- The portal’s code loading in the browser allowed security bypasses and account impersonation.
- Access included customer personal information, vehicle data, and telematics for real-time tracking.
- The vulnerabilities were fixed within a week after being reported by the researcher.