Another week goes by and another half dozen vulnerabilities have been announced, as has sadly become tradition. If you prefer to jump directly to the Chrome and Win7 ones below feel free, but this particular vulnerability Hackaday describes is a bit different from the norm. It seems popular car alarm systems from Viper/Clifford and Pandora can be used quite effectively as carjacking tools.
They both had poorly implemented security protocols which made it fairly trivial to change any users password so you could gain access to the account. That access allows you to locate the car via GPS, listen to what is going on if the car has a microphone open or lock the doors and even start and stop the engine, as well as triggering the alarm. This is as they say, a bad thing, and thankfully it was effectively patched once reported to the companies involved.
"As ethics demand, the group notified the vendors and supposedly the holes have been plugged. Sometimes you hear about a hack that requires some very exotic work, but these were trivially simple. It is unknown if anyone ever used these hacks in a bad way, but it was certainly a real possibility."
Here is some more Tech News from around the web:
- Put down the cat, coffee, beer pint, martini, whatever you're holding, and make sure you've updated Chrome (unless you enjoy being hacked) @ The Register
- A “serious” Windows 0-day is being actively exploited in the wild @ Ars Technica
- Microsoft's latest Windows 10 update is hurting game performance @ The Inquirer
- Microsoft Rolls Out New Skype for Web; Does Not Support Firefox, Safari, and Opera @ Slashdot
- It's a hard drive ahead: Seagate hits density problem with HAMR, WD infects MAMR with shingles @ The Register
- Monolayer resets record for thinnest non-volatile memory device @ PhysicsWorld
- The Raspberry Pi 3A+ is getting Linux 5.1 kernel support @ The Inquirer