Security flaws in a carmaker’s web portal let one hacker remotely unlock cars from anywhere

A security researcher said flaws in a carmaker’s online dealership portal exposed the private information and vehicle data of its customers, and could have allowed hackers to remotely break into any of its customers’ vehicles.

Eaton Zveare, who works as a security researcher at software delivery company Harness, told TechCrunch the flaw he discovered allowed the creation of an admin account that granted “unfettered access” to the unnamed carmaker’s centralized web portal.

With this access, a malicious hacker could have viewed the personal and financial data of the carmaker’s customers, track vehicles, and enroll customers in features that allow owners — or the hackers — control some of their car’s functions from anywhere.

Read more at TechCrunch