Hyundai Fixes Blue Link App After Researchers Identify Vulnerabilities

Researchers uncovered vulnerabilities that could allow car thieves to break into Hyundai cars through the automaker's mobile app.

Hyundai

Connectivity may have added a new layer of features to modern cars, but it also introduced the term "car hacking" to the popular vernacular. Like any other piece of software, the apps that interact with a car's internal systems aren't always ironclad.

Cyber-security researchers have found a vulnerability in the Hyundai Blue Link mobile app that could give criminals access to cars, Reuters reports. This security issue was known to exist for three months before Hyundai fixed it, in March, according to Tod Beardsley, research director at Rapid7 Inc., the firm that discovered it.

Both Beardsley and Hyundai told Reuters they knew of no cases of car thieves exploiting the software vulnerability before a fix was pushed last month. The Blue Link app allows car owners to do things like remotely lock and unlock doors and start the engine, but the software issue could have allowed third parties to take advantage of those same functions.

The vulnerability was reportedly introduced with an update that went live December 8. To exploit it, a hacker would have to be near the target vehicle while the owner used the app with an unsecure WiFi connection, Beardsley said. While the bug might have let thieves start cars, it's also unlikely they would have been able to drive them very far without an actual key fob onboard.

Car hacking is rising in the public consciousness, even serving as a plot point in The Fate of the Furious in the form of a remote-controlled horde of "zombie cars." The Hyundai software issue wouldn't have allowed criminals to take control of moving vehicles, but it does illustrate the increased vulnerability of modern cars to tampering.

A computerized car's main defense against hacking used to be the fact that all of its systems were separated from any network. But with the rise of telematics systems, connected apps, and onboard WiFi, that's no longer the case. Cars now face similar security issues to computers or smartphones and, like those devices, ironclad software is the front line of defense.