News Insights: Car alarms with security flaws put 3 million vehicles at risk of hijack

News Insights:

According to Jason Haddix, VP of Researcher Growth, Bugcrowd, “Auto vulnerabilities bring cybersecurity into the daily lives of every consumer. The vulnerabilities recently discovered in Viper and Pandora products present safety concerns that could potentially cause physical harm to drivers and passengers, not to mention the privacy concerns. Connected devices, such as smart alarms in cars, collect a great deal of information about the people that use them, giving attackers a few into when you leave for work, where you are, and when you arrive home. And we’re still at the beginning of the adoption curve.”

Haddix then remarked, “Interestingly enough, Pandora’s website claims that it’s use of dialog code makes it “impossible to hack.” Everything is hackable, and organizations must take proactive security measures to identify and patch their vulnerabilities before they are exploited by the bad guys.” He added, “Today, cars are truly connected devices. For this reason, automakers have become increasingly bullish about the cybersecurity. Several of which, including companies like Tesla and Fiat Chrysler Automobiles, have turned to crowdsourced security programs such as bug bounty, and hosting bug bashes where hackers have found thousands of critical vulnerabilities, helping these companies fix bugs before they impact consumers. Given the potential impact, critical auto vulnerabilities are among the highest paid on the Bugcrowd platform, with an average of nearly $5,000.”