The problem was initially discovered by software security researchers nosing around on a 2022 Hyundai Sonata Hybrid, Automotive News reports. An unspecified flaw in the computer code allowed researchers who had the vehicle identification number (VIN) to locate the car; activate the horn, lights, and door locks; and start the engine. Steering, throttle, brakes, and other systems required to drive the car remotely weren't accessible.
With this new information, the researchers tried to gain access to models from Honda, Toyota, and Nissan in the same way. A more thorough investigation of the problem found that it was connected to SiriusXM's services, which offer a range of remote assists like automatic crash notification and vehicle monitoring, geofencing, stolen vehicle recovery, and more.
According to the SiriusXM connected services website, the company has programs with 15 OEMs, offers over 50 connected services, and is active on more than 12 million vehicles. No other automakers aside from Honda, Toyota, Nissan, and Hyundai were mentioned in the report.
Once the flaw was uncovered, the researchers notified SiriusXM and the automakers. In a statement to Automotive News, SiriusXM said the problem was "resolved within 24 hours after the report was submitted. At no point was any subscriber or other data compromised, nor was any unauthorized account modified using this method." Statements from Hyundai and Honda indicated there were no known malicious actions or compromised accounts resulting from the issue.
As wireless technology continues to become a larger part of our lives, the importance of understanding and recognizing potential security flaws can no longer be ignored. In the automotive realm this is especially true when vehicles are connected to external networks, since that connectivity opens them up to a variety of attacks. Keeping connected vehicles safe requires a holistic approach that takes into account all hardware and software components, as well as how they interact with each other.
The vulnerability recently discovered in SiriusXM's connected services is a prime example of this and highlights just how real the risk is. Manufacturers must remain vigilant and constantly review their systems for potential vulnerabilities, while also devising methods to quickly address any issues that do arise.
Source: Automotive News