Security researchers with Pen Test Partners were in a position to lock down 25,000 vehicles after they found a critical vulnerability in the SmarTrack immobilizer designed to let car owners remotely shut down their car to prevent criminals from starting the engine.
The vulnerability, which has been patched, was relatively easy to exploit. Because the SmarTrack systems didn’t adequately check if requests to the immobilizer were sent by an authorized user such as a SmarTrack call center employee, the researchers were able to sent simple browser requests that would immediately lock down a car without the owner being made aware of this.
Read more: Hacker Claims He Can ‘Turn Off 25,000 Cars’ At The Push Of A Button