Mobile app flaw patched by Hyundai to fight car thefts

Tuesday 2 May 2017 11:24 CET | News

Hyundai has patched a security flaw in the Blue Link mobile application that exposed sensitive information.

The issue was discovered in early February 2017 when Rapid7 security researchers informed Hyundai about the flaw the company introduced in version 3.9.4 of the Blue Link app. The company issued a fix in March 2017, with the release of Hyundai Blue Link v3.9.6.

The vulnerable versions of the Blue Link app log to a remote server at various times of the day, exposing sensitive information such as a user's username, password, PIN, and historical GPS data, which hackers can use to track down, unlock, and start Hyundai cars.

Still, to sniff the local network for the log upload operation, an attacker would first need to compromise the same WiFi network the user's phone is on. Nonetheless, car thieves can identify Hyundai car owners and follow them around until they connect to a public WiFi network, at which point they could wait for the app to upload its encrypted logs.

The Hyundai Blue Link app can be used to unlock newer Hyundai models released after 2012.

Keywords: Hyundai, security, fraud prevention, patching, security flaws, sensitive info, South Korea, IoT
Categories: Securing Transactions | Digital Identity, Security & Online Fraud
Countries: World