Security researchers with Pen Test Partners have uncovered critical vulnerabilities in popular car alarm systems developed by Pandora and Viper. Not only can the flaws enable threat actors to obtain sensitive data about the owner and location of vehicles running the alarm system software, but they may also allow attackers to take remote control of certain car functions, which could lead to very dangerous situations.
The vulnerabilities, which affect millions of vehicles, make it possible for attackers to:
• Geo-locate vehicles in real time
• Identify the car type and owner’s details
• Disable the alarm
• Unlock the car
• Enable and disable the immobiliser
In some cases, it is also possible to:
• ‘Kill’ the car engine while it is driving
• Allow drivers to be ‘snooped’ on through a microphone
• Steal vehicles
Read more: Smart Car Alarms Ironically Expose Millions of Vehicles to Remote Hijacking