
Mobile app flaw patched by Hyundai to fight car thefts

Tuesday 2 May 2017 | 11:24 AM CET

Hyundai has patched a security flaw in the Blue Link mobile application that exposed sensitive information.

The issue was discovered in early February 2017 when Rapid7 security researchers informed Hyundai about the flaw the company introduced in version 3.9.4 of the Blue Link app. The company issued a fix in March 2017, with the release of Hyundai Blue Link v3.9.6.

The vulnerable versions of the Blue Link app log to a remote server at various times of the day, exposing sensitive information such as a user's username, password, PIN, and historical GPS data, which hackers can use to track down, unlock, and start Hyundai cars.

Still, to sniff the local network for the log upload operation, an attacker would first need to compromise the same WiFi network the user's phone is on. Nonetheless, car thieves can identify Hyundai car owners and follow them around until they connect to a public WiFi network, at which point they could wait for the app to upload its encrypted logs.

The Hyundai Blue Link app can be used to unlock newer Hyundai models released after 2012.
