A security flaw in SiriusXM’s connected car services has been uncovered, leaving vehicles from multiple automakers vulnerable to hacker attacks. Automotive News States researchers were able to control multiple functions, including opening the doors and starting the engine. The problem has reportedly been fixed.
The issue was initially discovered by software security researchers on the 2022 Hyundai Sonata Hybrid. An unspecified flaw in computer code allowed researchers to locate the vehicle, activate the horn, lights, door locks and start the engine, provided they had the vehicle identification number (VIN). The steering, throttle, brakes and systems necessary to operate the vehicle remotely were not accessible.
Using this information, the researchers accessed models from Honda, Toyota and Nissan in the same way. A deeper dive into the problem found the issue linked to SiriusXM’s connected services, which offer a range of remote assists including automatic crash notification, vehicle monitoring and stolen vehicle recovery, geofencing, and more.
According to the SiriusXM Connected Services website, the company has programs with 15 OEMs, offers more than 50 connected services, and is active on more than 12 million vehicles. Apart from Honda, Toyota, Nissan and Hyundai, no other automakers were mentioned in the report.
After the flaw was uncovered, researchers notified SiriusXM and the automakers. In a statement to Automotive News, SiriusXM said the issue was “resolved within 24 hours of the report being submitted. At no point was any subscriber or other data compromised, nor was any unauthorized use of this method.” The authorized account was modified.” Statements from Hyundai and Honda indicated that there were no known malicious actions or compromised accounts as a result of the issue.
As wireless technology evolves in the automotive realm, the question of security continues to arise. In early 2022, a 19-year-old hacker gained control of Tesla vehicles and reported the problem to Tesla. A notable incident occurred in 2015 where a Jeep Cherokee was hacked remotely. However, this is not only a concern for modern connected systems. A 2019 study highlighted how signals from remote key fobs can be intercepted and used to unlock or start vehicles.