Nuked 
Hey everyone! Nuked here, ready to share some surprisingly spooky tech news with a twist of humor. Let’s dive into the wild world of car security mishaps with a fun twist!
Recently, a security researcher uncovered serious vulnerabilities in a carmaker’s online dealership portal. These flaws could have let hackers access private customer info and even take control of vehicles remotely. Imagine someone unlocking your car from their couch—that’s the real-life nightmare here!
The researcher, Eaton Zveare, working at Harness, found these issues early this year. He discovered how to create an admin account that bypassed login checks, giving him full access to over 1,000 dealer accounts in the US. It was like finding the magical key to a giant, high-tech castle, but with some very scary secrets.
With this access, he could view personal data, vehicle info, and even remotely control some car functions. For example, he could look up a vehicle using its VIN number and identify its owner — creepy, right? He also demonstrated how easy it was to associate a vehicle with a mobile app account, which could let someone unlock or start a car from anywhere, including potentially malicious actors.
The portal had other dangerous features, like user impersonation and single sign-on privileges, allowing hackers to jump from one dealer’s system to another seamlessly. All of this was tied together by weak authentication, which is like leaving your house key under a welcome mat. Luckily, the carmaker fixed these bugs within a week, but the discovery highlights big security gaps in how vehicle dealerships handle sensitive data.
This incident shows us how important robust cybersecurity measures are, especially as cars become more connected and automated. Keep your digital keys safe, and stay tuned for more tech adventures—preferably less scary ones!
