Contact Contact Us

Hardcoded Password in Car App Lets Attackers Control Users' Cars

An application that lets users control their car remotely has administrator credentials hardcoded into its source code, leaving tens of thousands of cars vulnerable to hackers. An attacker can extract the credentials from the app source code and use it to access any user account, thereby giving them control of the victim's vehicle. The app owner has since updated its software to remove the hardcoded credentials, adding that the vulnerability did not cause any accident or compromise users' privacy.

[1] MyCar Controls Uses Hard-coded Credentials

Ensign InfoSecurity Singapore
30A Kallang Place
Singapore 339213

Tel: +65 6788 2882
Fax: +65 6788 3883