Security flaws in a carmaker's web portal let one hacker remotely unlock cars from anywhere

Security flaws in a carmaker’s web portal let one hacker remotely unlock cars from anywhere

A security researcher said flaws in a carmaker’s online dealership portal exposed the private information and vehicle data of its customers, and could have allowed hackers to remotely break into any of its customers’ vehicles. Eaton Zveare, who works as a security researcher at software delivery company Harness, told TechCrunch the flaw he discovered allowed the creation of an admin account that granted “unfettered access” to the unnamed carmake…

Security flaws in a carmaker's web portal let one hacker remotely unlock cars from anywhere

Security researcher Eaton Zveare told TechCrunch that the flaws he discovered in the carmaker's centralized dealer portal exposed vast access to customer and vehicle data. With this access, Zveare said he could remotely take over a customer's account and unlock their cars, and more.