Companion mobile app exposed Hyundai cars to potential hijacking
The mobile application that accompanies many Hyundai cars exposed sensitive information that could have allowed attackers to remotely locate, unlock, and start vehicles.
The vulnerability was patched in the latest version of the mobile app released in March but was publicly disclosed on Tuesday. It is the latest in a string of flaws found over the past few years in the “smart” features added by vehicle manufacturers to their cars.
The Hyundai issue was discovered by independent researchers William Hatzer and Arjun Kumar when analyzing the MyHyundai with Blue Link mobile app.
Blue Link is a subscription-based technology that’s available for many Hyundai car models released after 2012. It allows car owners to remotely locate their vehicles in case of theft, to remotely unlock them if they lose or misplace their keys, and even to remotely start or stop their engine when they’re parked and locked.