Fatal API errors detected at premium car brands
San Francisco, 01/09/2023
Mercedes, BMW, Rolls Royce, Ferrari, Porsche, Toyota, and nearly 15 other automakers may have been hacked. Apparently the cause was an API error.
The most serious API bugs were found at BMW and Mercedes-Benz. There, a flaw in the single sign-on system left the companies vulnerable to hacks. Using this bug, researchers reached multiple company GitHub pages, internal chat communications, and XENTRY system logins.
At Ferrari, a hacker was able to exploit security vulnerabilities to access, change or delete a customer account, manage the customer's vehicle profile, or impersonate the car owner.
Porsche has found that its vehicles are vulnerable to real-time GPS tracking. This error affects at least 15.5 million vehicles.
By exploiting other vulnerabilities, hackers were able to unlock a car, start the engine, or disable the starter.