Hackers Find A Way To Access Your Personal Data Through Your Sirus XM Radio
If something is connected to the internet, there’s a great chance someone will figure out how to hack into it. Cars are increasingly connected, leading to several stories of hackers accessing and breaking various automakers’ vehicle functions. One benevolent hacker took to Twitter to outline an interesting hack he and others were able to pull off on several automakers’ vehicles.
Sam Curry, a security engineer at Yuga Labs, detailed how he and a group of other hackers could gain access to Nissan and other automakers’ vehicles using a vulnerability in their connection with SiriusXM. In addition to satellite radio, the company handles connected services and telematics for several major automakers, including Nissan, Toyota, Acura, and Honda.
The group found websites connected with SiriusXM and used a volunteer Nissan owner’s credentials to log into their account. Once inside, they could find VINs and the owner’s name, phone number, address, and information on their vehicle. From there, they developed a script to scrape the details of any customer using the VIN.