Toyota, Mercedes, BMW API flaws exposed owners’ personal info

Almost twenty car manufacturers and services contained API security vulnerabilities that could have allowed hackers to perform malicious activity, ranging from unlocking, starting, and tracking cars to exposing customers’ personal information.

The security flaws impacted well-known brands, including BMW, Roll Royce, Mercedes-Benz, Ferrari, Porsche, Jaguar, Land Rover, Ford, KIA, Honda, Infiniti, Nissan, Acura, Hyundai, Toyota, and Genesis.

The vulnerabilities also affected vehicle technology brands Spireon and Reviver and streaming service SiriusXM.

Read more…
Source: Bleeping Computer