Automotive Cybersecurity: Protecting Connected Cars from Remote Exploits
The report "Security flaws in a carmaker’s web portal let one hacker remotely unlock cars from anywhere" highlights a critical and growing vulnerability in the connected car industry. This creates significant demand for specialized cybersecurity services focused on automotive systems and IoT devices. Opportunities abound for firms offering penetration testing, secure software development for vehicle systems, real-time threat monitoring, and robust data encryption solutions for the automotive sector, addressing both consumer safety and brand reputation.
Origin Reddit Post
r/technology
Security flaws in a carmaker’s web portal let one hacker remotely unlock cars from anywhere
Posted by u/Logical_Welder3467 • 08/11/2025
Top Comments
u/A_Harmless_Fly
I have hope for the slate truck, not much but I have some hope.
u/EatonZ
You could only do things the mobile app can do, and this is not one of them.
u/RBR927
Can you not think of a single use case where being able to remotely unlock your car might be useful…?
u/EatonZ
It was fixed in February. You can view the deck here: https://media.defcon.org/DEF%20CON%2033/DEF%20CON%2033%20presentations/Eaton%20Zveare%20Roshan%20Piyush%20-%20Unexpected%20Connections%20
u/Festering-Fecal
Can we please get an option for dumb vehicles.
I don't want spyware on wheels.
u/quantum_conspiracy
VW has ten brands. Volvo has at least 6.
u/auditorydamage
Based on the description of “a widely known automaker with several popular sub-brands,” my guesses are GM or Stellantis.
u/psaux_grep
Technically using a remote is «remote unlocking».
But it’s a fantastic feature sometimes.
Problem is the infosec capabilities of most car manufacturers. Especially their inability to push
u/Blue10022
Do you plan to release a white paper when it’s fixed?
u/quantum_conspiracy
Doesn't exist, at least not in cars. Between safety (airbags) and pollution controls, there are federal regulations in the USA mandating data collection. Cell connections are not required - y
u/DZello
OnStar would be my guess.
u/kaishinoske1
And yet you can find out who it is by going to the [CVE](https://www.cve.org/) website and start your search there.
u/Bad_Habit_Nun
No, life isn't the movies. You can really only do what the app/software was designed to do.
u/Festering-Fecal
Negative. Modern cars spy on you as well as sell your driving data to 3rd parties including insurance companies.
This isn't some conspiracy theory, it's facts and the courts said it's legal.
u/Cobby1927
Not naming the automaker sounds like "I hacked it but I'll fix it for a fee."
u/nicuramar
Features like this are optional and require subscription most often.
u/Hyperion1144
My new car's manual specifically says it doesn't keep speed or location histories. Maybe it still does, but to collect the data but also explicitly state otherwise sounds like lawsuit bait to
u/Fit-Produce420
Exist?
Most new cars have 4G/5G and an app.
u/Psilocybin-Cubensis
Yes this is true, but it doesn’t make the vehicle more likely to fail. Just opens up a possibility it can in that way. I agree with your overall point, I just want to make the logical falla
u/slightly_drifting
Nice finds!
So basically you used some BURP-like tool and intercepted the auth data, mangled it, bypassed the gate and made a global admin account? I’m sure I’m oversimplifying it, but holy
u/The-ClownFish
Odd question here…. any plans? 😂😂😂
u/Bad_Habit_Nun
Nothing new. I remember when Viper first released their phone app, you could shut down, lock/unlock any car connected to the network. Honestly that's just all vehicle security, it'saa cheap a
u/EatonZ
At this time I am not able to name the automaker. The vulnerabilities were responsibly disclosed.
u/9-11GaveMe5G
Then they blame the requirements for airbags and other safety features for the ever higher prices
u/Hyperion1144
My nice, brand new car has no internal internet access capability and this makes me happy.
u/Bunkerman91
I would rather pay a locksmith when the occasion comes up than have a constant security risk
u/EatonZ
Not quite. I'll share the DEF CON slide deck and/or blog post soon which will have all the technical details.
Edit: here - https://media.defcon.org/DEF%20CON%2033/DEF%20CON%2033%20presentat
u/Festering-Fecal
It's being made off of bozo so I won't hold my breath
u/Dannyz
Seen several demos of people remotely controlling cars. But okay
u/Bunkerman91
Why the fuck do cars that can be remotely unlocked even exist?
The urge to cram as many superfluous antennae and microchips into everything from cars to dildos to toasters is absolutely inc
u/nekonight
This is standard for security researchers. Most will only release generalized information as a heads up to the public if at all and contact the company about the security flaw. Eventually o
u/Hyperion1144
But there are still some new cars without either, fortunately.
u/Dannyz
Nice job. Could people remote speed up or apply the brakes?
u/EatonZ
The "one hacker" here. 👋
This one was a lot of fun, and the title of this article is only scratching the surface of what else was possible. 👀
u/tacmac10
On my bolt I just pulled the fuse for onstar and the cellular modem
u/nicuramar
People on Reddit often have pretty poor imagination when it comes to people with different wants, needs or priorities than themselves :p
u/Hyperion1144
There are perfectly good base model cars in the 2025 model year with no native internal internet access. They might come with Android Auto/Carplay and that's it.