back to article Hyundai app security blunder allowed crooks to 'steal victims' cars'

Hyundai has patched its Blue Link smartphone app to stop it blabbing private info that could, it is claimed, be used to break into and steal people's cars. The now-updated software, available for iOS and Android, leaked sensitive personal information about registered users and their vehicles, including usernames, passwords, …

  1. chuckufarley

    Hyundai says...

    ..."Hyundai is not aware of any customers being impacted by this potential vulnerability."

    Which is like saying that people have potential vulnerabilities to falling pianos, hand grenades, or the vacuum of space.

    What gets me is that these are REAL vulnerabilities to everyone. It won't matter if they are ever exposed to them or not. They are still vulnerable to them.

    So:

    -10 points to Hyundai for bad security.

    +5 points to Hyundai for fixing the issue before it was exploited.

    -5 Points to Hyundai for illogical press releases.

  2. JeffyPoooh Silver badge
    Pint

    Steal a Hyundai?

    Crikey. Their ambition is rubbish.

    1. Chris Miller

      Re: Steal a Hyundai?

      Fair point. My primary 'anti-theft device' is living between drives, one of which holds a shiny new Mustang and the other a fully tricked out M3. I doubt anyone would target my boring SUV.

  3. Chairo

    Past and present

    In the past you were locked out of your car because the lock was frozen and the de-frosting spray was in the car.

    Nowadays you are locked out because your smartphone has no battery any more and the charger is in the car.

    1. Stoneshop Silver badge
      Holmes

      Re: Past and present

      ... and your other charger is inside the house, the door of which is controlled via Bluetooth.

    2. allthecoolshortnamesweretaken Silver badge

      Re: Past and present

      Must be this "progress"-thingy I keep hearing about so much.

  4. Anonymous Coward
    Anonymous Coward

    Car Makers think privacy / security doesn't matter...

    Well It does... I've money to spend but holding off because of stuff like this...

  5. TeeCee Gold badge
    Facepalm

    Yes....but....

    Now imagine a similar vulnerability being discovered in about eight years' time.

    Is it fixable on the older kit? Probably not.

    Is the manufacturer going to bother trying to fix it on something that old? Definitely not.

    Does that make it any less serious? No.

    With it not being fixed, does that make it more likely that someone will build on it to find a way of compromising the vehicle's controls? Yes.

    And there you have it. The reason why the concept of the "connected car" needs to be banned. Now. It won't be of course. Government surveillance and data harvesting opportunities trump a mind-numbingly obvious lethal risk every time.

    Anyone buying a car with these features needs their bumps felt.

  6. 8Ace

    Next car I buy

    Next car I purchase will depend on the manufacturer giving me a declaration in writing that all this crap can be turned off on request. I just want a car with enough electronics to move and play music from CD/USB stick

    1. druck
      Big Brother

      Re: Next car I buy

      Well good luck with that, alternatively choose something old without an ECU. If enough people did, the place would end up looking like Havana.

      1. Loud Speaker

        Re: Next car I buy

        the place would end up looking like Havana.

        But would we get Cuban music from the sound systems?

        If I had a Hyundai, I would probably avoid the update in the hope of it being stolen - assuming I could afford the insurance premiums.

      2. Down not across

        Re: Next car I buy

        If enough people did, the place would end up looking like Havana.

        And the problem is? I'd have no issue having a nice '55-57 Bel Air or Nomad as a daily driver. Or maybe a '58 Bonneville.

    2. Warm Braw Silver badge

      Re: Next car I buy

      a car with enough electronics to ... play music from CD/USB stick

      I think I'd prefer wiring for power, speakers and aerial(s) and a DIN-sized hole for the rest.

  7. gnasher729 Silver badge

    Transport Security

    Unfortunately still not mandatory for iOS on the app store.

    What Transport Security does: 1. Requires everything to be https. 2. Requires all servers to use software with no known insecurities.

    Since you cannot always enforce this with third party servers, you can register exceptions for this (like access site xxx.yyy.com with software version 1.2 instead of the required 1.3).

    This was supposed to be required for all new applications, with exceptions to the checking only allowed for good reasons. No exceptions for your own servers obviously.

    Unfortunately it isn't enforced yet. Would have made any hacking impossible on iOS.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019