Vulnerabilities in Hyundai App Exposed Vehicles to Theft by Hacking

The vehicles were vulnerable for three months until Hyundai fixed the problem in March

Vulnerabilities in Hyundai App Exposed Vehicles to Theft by Hacking
Image: Hyundai
April 26, 2017

A cybersecurity firm has announced that software vulnerabilities in a Hyundai app exposed vehicles for three months to the danger of theft by hacking.

The purpose of the app is to start the car remotely. Hyundai fixed the problem last month.

The flaw was introduced to the app by Hyundai itself in a December 8, 2016 update. The flaw allowed car thieves to find vulnerable vehicles, unlock them, and start them, according to Tod Beardsley, research director for cybersecurity company Rapid7.

Hyundai confirmed the existence of the problem and said that it took action quickly to fix it.

An advisory about the flaw was issued on Tuesday by the U.S. Department of Homeland Security. It stated: "No known public exploits specifically target these vulnerabilities. High skill level is needed to exploit."

Both Hyundai and Beardsley said they were unaware of any instances of thieves using the flaw to steal a vehicle before the company issued the fix to app users in March.

"The issue did not have a direct impact on vehicle safety," said Jim Trainor, a Hyundai Motor America spokesman. "Hyundai is not aware of any customers being impacted by this potential vulnerability."

Hyundai is not the only automaker to struggle with cybersecurity issues as vehicles become more and more computerized. Fiat Chrysler was forced to recall 1.4 million vehicles in 2015 after security researchers showed how they were able to remotely take control of a Jeep traveling at a high speed, and that same year General Motors found and fixed a similar issue in its OnStar vehicle communication system that could have allowed hackers to break into cars.