Drive a Toyota, Kia, Mercedes or BMW? Your personal info may have been exposed

Hackers are always looking for new ways to get their hands on your data. It even trumps your credit or debit card details. Unfortunately, security breaches happen on a more grand scale than most would like to know, such as the IRS leak from late last year.

Criminals made off with the details of over 120,000 taxpayers. But that was only a tenth of a massive breach a month later, as a Facebook tracker exposed the details of over 3 million people.

It’s easy to assume that data breaches happen to high-value targets, but that isn’t always the case. Read on to see how your details might be at risk by simply driving one of these cars.

Here’s the backstory

Technology advances at an incredible pace, and it’s more common now than ever to find internet-connected components in household appliances. For example, a web-connected fridge tells you when you’re out of milk. A more advanced model even places an online order for you before that happens.

Ingenious features have also made their way into many vehicles. The center console of technologically-advanced cars can show you almost every aspect of your vehicle, including your details, where you bought the car, when the next service is due and access to additional subscription-based functions.

But with any connected gadget, there is a risk of data compromise, which is precisely what security researchers recently found.

During an investigation, researchers found several API security vulnerabilities in popular models from Ford, Nissan, Toyota, Mercedes, Kia, BMW and many more. Nearly 20 manufacturers were impacted.

How hackers exploit API flaws

Researchers found that hackers could access the vehicle’s telematic systems to honk the horn, flash the lights, or remotely track the car. 

It gets worse. According to team leader Sam Curry, with the correct access, hackers can “fully lock and unlock the car, start and stop the engine, and lock users out of remotely managing their vehicle while changing ownership details.”

The level of access depends on the vehicle, but the most severe is in BMW and Mercedes-Benz. Using the exploit in these cars, hackers can access the company-wide internal chat tool, hundreds of mission-critical internal applications, and the internal dealer portals where they can query any VIN.

Continue reading

⚙️ Shifting gears: Mercedes is scrapping the entire division that was working on a 750-mile range EV. They’re still making EVs, but they’re not selling well. You can snag one at a darn good price right now. Oh, and Hertz is dumping 30,000 of its Teslas, if you’re looking for a deal on one of those.

$15 billion investment

From Mercedes, with a chunk of that going toward “high-tech combustion technology.” Yep, gas cars. Audi, Porsche and Toyota are hitting the brakes (sorry) on EVs, too. They’re not stopping development, though — just pouring less money into it.