The SiriusXM software flaw makes Toyota, Honda, Hyundai and Nissan vehicles accessible through a problem in the computer code, which has since been fixed.
A security flaw has been discovered in SiriusXM‘s connected vehicle services that has left the vehicles of numerous automakers vulnerable to hacker attack. Automotive News claims that investigators were able to control numerous functions, including unlocking the doors and starting the engine. The issue has reportedly been fixed.
The issue was initially discovered by software security researchers snooping around a 2022 Hyundai Sonata Hybrid. An unspecified glitch in the computer code allowed investigators to locate the car, activate the horn, lights, door locks and start the engine, provided they had the vehicle identification number (VIN). The steering, throttle, brakes, and systems needed to drive the car were inaccessible remotely.
Using this information, the researchers accessed models from Honda, Toyota, and Nissan in the same way. A deeper dive into the problem found that the issue is related to SiriusXM connected services, which offers a variety of remote assists including automatic accident notification, vehicle monitoring and stolen vehicle recovery, geofencing, and more.
According to SiriusXM‘s connected services website, the company has programs with 15 OEMs, offers more than 50 connected services, and is active in more than 12 million vehicles. Other automakers besides Honda, Toyota, Nissan and Hyundai were not mentioned in the report.
Once the flaw was discovered, investigators notified SiriusXM and the car manufacturers. In a statement to Automotive News, SiriusXM said the issue “was resolved within 24 hours of the report being filed. At no time was any subscriber or other data compromised, nor was any unauthorized account modified using this method.” Statements from Hyundai and Honda indicated that there were no known malicious actions or compromised accounts as a result of the issue.
As wireless technology evolves in the automotive arena, the question of security continues to arise. In early 2022, a 19-year-old hacker was able to gain control of Tesla vehicles and reported the issue to Tesla. There was a fairly high-profile incident in 2015 where a Jeep Cherokee was remotely hacked. However, it is not just a concern for modern connected systems. A 2019 study highlighted how signals from key fobs can be intercepted and used to unlock or start vehicles.