Data security gaps found at more automakers
A group of white hat hackers cracked customer and back-end operations of several automakers, including BMW, Ferrari, Ford, Jaguar-Land Rover, Mercedes-Benz, Porsche and Rolls-Royce.
The findings are a follow-up to the group's discovery late last year of flaws in SiriusXM's telematics service that created breaches in Honda, Hyundai, Nissan and Toyota models.
In this latest round of vulnerabilities, the white hat hackers gained access to detailed customer information and internal administrative functions. The group did not disclose the vulnerabilities until earlier this month because of a self-imposed 90-day moratorium, Sam Curry, an Omaha, Neb., security engineer, told Automotive News.
The moratorium, inspired by the policies of the Google Project Zero security research team, is designed to express intent to disclose, but also to allow time to work with vendors to plug the security gaps, Curry said. The researchers also hacked service providers Spireon and Reviver, Curry said.
Ford, Mercedes-Benz, Reviver and Spireon told Automotive News that they have closed the breaches.
Ford said it fixed the problem after learning of the issue through its "bug bounty" program.
Porsche Cars North America spokesperson Marcus Kabel said the company permanently monitors its systems. "We take any indications of vulnerabilities very seriously," he said. "Our top priority is to prevent unauthorized access to the systems in our vehicles by third parties."
— Karn Dhingra
