Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

C2 provides technology services and consultation to businesses and individuals.

T (818) 584 6021
Email: info@c2techs.net

C2 Technology Partners, Inc.
26500 Agoura Rd, Ste 102-576, Calabasas, CA 91302

Open in Google Maps
QUESTIONS? CALL: 818-584-6021
  • HOME
  • BLOG
  • SERVICES
    • Onsite Support
    • Encryption
    • Backups
  • ABOUT
    • Privacy Policy
FREECONSULT
Tuesday, 30 April 2019 / Published in Woo on Tech

Lax App Security Leads to Hacked Cars

GPS tracking devices on fleet vehicles have enabled transportation and shipping companies to to streamline operations and improve efficiency for decades. As vehicles have become increasingly computerized, these devices also acted as a gateway for even more data gathering, commonly known as telemetry, which naturally led to them being connected to the internet for realtime data gathering and, of course, remote control capabilities, including the ability to stop engines, apply brakes and even control the steering. And, as is the tendency for all things internet-connected, these GPS systems are vulnerable to hacking, especially if the companies writing the software do dumb things like setting the default password to “123456”.

Who would do such a thing?

You can bet that if you set your default password to something as simple as that, and even publish that fact in the app documentation, someone is going to notice and take advantage, which is exactly what a hacker did when he used this knowledge and bit of code to brute force his way into thousands of user accounts for two widely-used Android apps. Not only was he able to gather confidential user data from the mobile device on which the apps were installed, but he was also able to gain collective access to thousands of vehicles that were managed by the app itself. Both apps also included functionality that, if installed and enabled by the vehicle operator, allowed the engine to be stopped remotely, even if it was in motion (up to 12 MPH supposedly). According to the hacker himself, he had the potential to cause a great deal of chaos, financial damage and potential physical harm if he were to actually follow through on killing engines on thousands (he claims hundreds of thousands) of vehicles, he stopped short of doing so, as his intent was not to hurt individuals but to raise awareness with companies using the flawed platforms. Both apps are developed by firms located in a country that has a reputation for producing products, software and firmware with serious security flaws and alleged backdoors. It’s unclear whether this particular hacker’s efforts will result in any overall improvements in the industry, but since contacting the app firms, at least one of the companies has reached out to its customers to urge them to change their passwords.

Image by Photo Mix from Pixabay

  • Tweet

What you can read next

A small wrinkle delays Samsung Galaxy Fold Launch
Dropbox breach
60M Dropbox accounts exposed in 2012 breach
Computer Security
Zombified Computers get 2 week reprieve

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • Apple-logo.png

    New Malware hits 30k Macs

    Not even three months into Apple’s releas...
  • Biohazard warning

    Poor IT practices led to Florida utility hack

    Last week the sleepy Florida town of Oldsmar ma...
  • Facebook – Too little, too late?

    When working with people who are actively attem...
  • Things you should know as a WFH Pro

    While the past year has been no picnic for anyo...
  • Who Protects the Protectors?

    If you’ve used a computer – Windows...

Archives

  • GET SOCIAL
Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

© 2016 All rights reserved.

TOP