SiriusXM Cars May Be Vulnerable To Hackers

By

Automotive Editor

Based out of the Washington, D.C. area, Joel Patel is an automotive journalist that hails from Northern Virginia. His work has been featured on various automotive outlets, including Autoweek, Digital Trends, and Autoblog. When not writing about cars, Joel enjoys trying new foods, wrenching on his car, and watching horror movies. 

Follow On: Twitter

, Automotive Editor - December 6, 2022
2022 Land Rover Range Rover Velar

Hackers have found a new, surprising way to gain controls of a few functions through SiriusXM. That’s right, SiriusXM, the satellite radio company that offers a wide range of channels that’s somehow never out of range of a satellite, has a Connected Vehicle service that quite a few automakers use to provide remote services to their vehicles. After poking around various smartphone applications, hackers found a vulnerability in the remote system that allowed them to remotely gain access to the vehicles. Who knew that something like satellite radio would give hackers a way to get into your vehicle?

Before you panic and cancel your SiriusXM subscription, you should know that the issue has already been patched. So, you don’t run the risk of having your vehicle hacked, as SiriusXM, in their defense, came out with a quick fix once they heard what was happening. Plus, it was a good group of hackers that found they were able to remotely gain access to a vehicle. Additionally, the hackers found that only certain automakers were susceptible to the hack.

2022 Hyundai Sonata Hybrid

As Automotive News outlines, Sam Curry, a security engineer at Yuga Labs and one of the hackers in the group, posted a detailed outline of how he was able to remotely gain access to vehicles through SiriusXM’s Connected Vehicle services on Twitter. Curry found that automakers like Acura, Honda, Lexus, Toyota, Subaru, Nissan, Infiniti, Land Rover, Jaguar, BMW, and Hyundai all use SiriusXM’s Connected Vehicle services to provide customers with remote services to their vehicles. Remote services include roadside assistance, automatic crash notifications, remote start, remote door unlock, and stolen vehicle recovery, claims Auto News. Curry found a coding flaw in a 2022 Hyundai Sonata Hybrid that allowed him to honk the horn, flash the lights, locate the vehicle, unlock the car, and start the car with just the VIN. While the hackers were able to remotely control a few features of the vehicle, they weren’t able to control any driving functions of the car.

The hackers sent their findings to SiriusXM, who quickly delivered a fix. In a statement to Auto News, SiriusXM Connected Vehicle Services said that “the issue was resolved within 24 hours after the report was submitted. At no point was any subscriber or other data compromised, nor was any unauthorized account modified using this method.” On Twitter, Curry confirmed that he was only able to confirm that the vulnerability existed for vehicles from Infiniti, Honda, Acura, and Nissan.

For owners, this is pretty alarming. Everyone got lucky that a group of good hackers were the ones to find the vulnerability. Private information, like addresses, phone numbers, names, and vehicle information can all be found through SiriusXM’s Connected Vehicle service. While the process that Curry outlined seems extensive, I wouldn’t even know where to start if someone told me how to begin the process, but it’s scary that hackers were able to access the vehicles and private information. It’s further proof that cars are becoming more advanced computers on wheels and are more complicated than most owners expect.

Source: Automotive News (Subscription Required)

Check Out the Best New Car Deals

, Automotive Editor

Based out of the Washington, D.C. area, Joel Patel is an automotive journalist that hails from Northern Virginia. His work has been featured on various automotive outlets, including Autoweek, Digital Trends, and Autoblog. When not writing about cars, Joel enjoys trying new foods, wrenching on his car, and watching horror movies. 

Follow On: Twitter

Privacy Terms of Use Do Not Sell or Share My Personal Information Disclaimer Cookie Policy Manage Preferences
COPYRIGHT 1999-2023 MH Sub I, LLC dba CarsDirect.com