
Hackers have found a new, surprising way to gain control of a few vehicle functions through SiriusXM. That’s right, SiriusXM, the satellite radio company that offers a wide range of channels that’s somehow never out of range of a satellite, has a Connected Vehicle service that quite a few automakers use to provide remote services to their vehicles. After poking around various smartphone applications, hackers found a vulnerability in the remote system that allowed them to remotely gain access to the vehicles. Who knew that something like satellite radio would give hackers a way to get into your vehicle?
Before you panic and cancel your SiriusXM subscription, you should know that the issue has already been patched. So, you don’t run the risk of having your vehicle hacked, as SiriusXM, in their defense, came out with a quick fix once they heard what was happening. Plus, it was a good group of hackers that found they were able to remotely gain access to a vehicle. Additionally, the hackers found that only certain automakers were susceptible to the hack.
As Automotive News outlines, Sam Curry, a security engineer at Yuga Labs and one of the hackers in the group, posted a detailed outline of how he was able to remotely gain access to vehicles through SiriusXM’s Connected Vehicle services on Twitter. Curry found that automakers like Acura, Honda, Lexus, Toyota, Subaru, Nissan, Infiniti, Land Rover, Jaguar, BMW, and Hyundai all use SiriusXM’s Connected Vehicle services to provide customers with remote services to their vehicles. Remote services include roadside assistance, automatic crash notifications, remote start, remote door unlock, and stolen vehicle recovery, claims Auto News. Curry found a coding flaw in a 2022 Hyundai Sonata Hybrid that allowed him to honk the horn, flash the lights, locate the vehicle, unlock the car, and start the car with just the VIN. While the hackers were able to remotely control a few features of the vehicle, they weren’t able to control any driving functions of the car.
The hackers sent their findings to SiriusXM, which quickly delivered a fix. In a statement to Auto News, SiriusXM Connected Vehicle Services said that “the issue was resolved within 24 hours after the report was submitted. At no point was any subscriber or other data compromised, nor was any unauthorized account modified using this method.” On Twitter, Curry said that he was only able to confirm that the vulnerability existed for vehicles from Infiniti, Honda, Acura, and Nissan.
For owners, this is pretty alarming. Everyone got lucky that a group of good hackers was the one to find the vulnerability. Private information, like addresses, phone numbers, names, and vehicle information, can all be found through SiriusXM’s Connected Vehicle service. The process that Curry outlined seems extensive, and I wouldn’t even know where to start if someone told me how to begin the process, but it’s scary that hackers were able to access the vehicles and private information. It’s further proof that cars are becoming more advanced computers on wheels and are more complicated than most owners expect.
Source: Automotive News (Subscription Required)