Vulnerabilities in third-party car alarms managed via their mobile applications were uncovered by security researchers at Pen Test Partners. The security flaws reportedly affect around 3 million cars that use these “smart” internet-of-things (IoT) devices. Here’s what you need to know about these vulnerabilities.
[RELATED NEWS: Vulnerability in Key Fob Can Let Hackers Open Subaru Cars ]
The vulnerabilities are insecure direct object references (IDORs) in the application programming interfaces (APIs) of the applications that manage the smart alarms’ features. An IDOR occurs when an unsecure application exposes a value, data, or reference to an internal component implemented by the application. An IDOR can, for example, leak information stored in an application’s back-end. 
In the smart alarms’ case, the IDORs in the APIs don’t properly validate requests made to the applications. The vulnerabilities affecting the smart alarms have been disclosed to and fixed by the affected vendors.
[READ: Is Your Car Broadcasting Too Much Information? ]
According to the researchers, the IDORs in the APIs can let hackers carry out various actions, many of which are actually part of the smart alarms’ safety features. These include:
[Trend Micro Research: High-Tech Highways: Cyberattacks Against Internet-Connected Transportation Systems ]
Hacking smart cars via their proprietary apps isn’t new. As early as 2015, Trend Micro’s own research on car hacking showed how an unsecure application can leak sensitive information and even lock drivers out of their access to the application. There have also been other security issues in mobile applications that can let hackers snoop on personal data, illicitly access the car’s host computer, and even hijack the car.
[Expert Insights: Understanding Vulnerabilities in Connected Cars ]
Indeed, car hacking is no longer a proof of concept. As cars become smarter — with features like infotainment , Wi-Fi connectivity, keyless entries, and even additional driver safety relying on the internet — their attack surfaces become broader. When exploited, these security gaps put users’ data privacy and physical safety at risk.
Fortunately, car manufacturers recognize these issues. In fact, many of them, along with software and third-party application and service providers, are taking the initiative to promptly patch vulnerabilities and adopt industry-wide best practices to further secure smart cars .
Like it? Add this infographic to your site:1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
In the first half of this year, cybersecurity strongholds were surrounded by cybercriminals waiting to pounce at the sight of even the slightest crack in defenses to ravage valuable assets. View the report
The upheavals of 2020 challenged the limits of organizations and users, and provided openings for malicious actors. A robust cybersecurity posture can help equip enterprises and individuals amid a continuously changing threat landscape. View the 2020 Annual Cybersecurity Report
free cc dumps online dumps and pins for sale