So a huge bug has been found in the alarm system of big car brand, some of which include Clifford, Viper, and Pandora. The bug has been estimated to be on about 3 million vehicles(what). With the bug, people who know their way around you can activate car alarms, unlock a vehicle’s doors and start the engine via the insecure app😨.
Companies like pandora who describe thier system as “unhackable” allowed a user to reset account passwords for any account. The password flaw allowed researchers significant access to the app. They could take control of the smart alarm😯, track any vehicle in real-time😨, remotely activate the alarm😱,open the door locks😵(what!!!!), and then to top it all you can even start the engine😥😷😭.
The ethical hackers also looked at smart alarms produced by Clifford, which is the market leader in third-partyalarms in the UK. The team found that it was possible touse a legitimate account to access other users’ profiles and to then change the passwords for those accounts and take control. A security consultant at Pen Test Partners said “I could look on the system and look for a nice Lamborghini or a Porsche, locateone close to where I am, go and start that car if no one’s around, open the doors and drive away”
Even the parent company Directed, confirmed the and admitted that”customers’ accounts could have been accessed without authorisation… as a result of a recent update”, but no need to worry(well you should be worried just a bit) the security flaw has been resolved. In a statement, Russia-based Pandora Alarms, which also sells products in the UK, said: “We have made changes to the code and upgraded security. Thepain point has been removed.”
Security expert Professor Alan Woodward said it starting to become a trend for companies, they focus on front-end so much leaving the back-end volunerable and susceptible to attacks, “It should be the companies paying for this, not researchers doing it as a sideline,” he said.