Car Dealership Platform Vulnerabilities Exposed by Researcher

A cybersecurity researcher revealed critical vulnerabilities in a U.S. dealership platform used by over 1,000 locations, potentially allowing remote access to vehicles and sensitive customer data. By exploiting API flaws and bypassing registration restrictions, he gained administrative access and demonstrated the ability to unlock, track, and start cars using only a customer’s name. The vulnerabilities, which affected models made since 2012, also exposed financial documents and internal systems. The automaker, whose name remains undisclosed, has since fixed the issues following disclosure.

Read more:

https://www.securityweek.com/flaws-in-major-automakers-dealership-systems-allowed-car-hacking-personal-data-theft/