A security flaw was uncovered in SiriusXM connected vehicle services that left vehicles from numerous automakers vulnerable to a hacker attack. Automotive News states researchers were able to control numerous functions, including unlocking the doors and starting the engine. The issue has reportedly been corrected.
The problem was initially discovered by software security researchers nosing around on a 2022 Hyundai Sonata Hybrid. An unspecified flaw in the computer code allowed researchers to locate the car, activate the horn, lights, door locks, and start the engine, provided they had the vehicle identification number (VIN). Steering, throttle, brakes, and systems required to drive the car remotely weren't accessible.
Using this information, researchers accessed models from Honda, Toyota, and Nissan in the same manner. A deeper dive into the issue found the problem tied to SiriusXM connected services, which offers a range of remote assists including automatic crash notification, vehicle monitoring and stolen vehicle recovery, geofencing, and more.
According to the SiriusXM connected services website, the company has programs with 15 OEMs, offers over 50 connected services, and is active on more than 12 million vehicles. No other automakers aside from Honda, Toyota, Nissan, and Hyundai were mentioned in the report.
Once the flaw was uncovered, researchers notified SiriusXM and automakers. In a statement to Automotive News, SiriusXM said the problem was "resolved within 24 hours after the report was submitted. At no point was any subscriber or other data compromised, nor was any unauthorized account modified using this method." Statements from Hyundai and Honda indicated there were no known malicious actions or compromised accounts resulting from the issue.
As wireless technology evolves in the automotive realm, the question of security keeps arising. In early 2022, a 19-year-old hacker was able to gain control of Tesla vehicles and reported the issue to Tesla. There was a rather prominent incident back in 2015 where a Jeep Cherokee was remotely hacked. It's not just a concern for modern connected systems, however. A 2019 study highlighted how signals from remote key fobs can be intercepted and used to unlock or start vehicles.