Several Car Brands Exposed to Hacking by Flaw in Sirius XM Connected Vehicle Service

In a separate Twitter thread this week, Curry reported a different vulnerability, one that allowed researchers to control some functions of Hyundai and Genesis vehicles — including locks, engine, horn, headlights and trunk — by knowing the email address the victim had used to register a user account. Initial tests were conducted on the NissanConnect mobile application, which led to the discovery of a vulnerability that could allow a remote hacker to obtain a vehicle owner’s name, phone, number, address and car details simply by knowing their VIN, which is typically visible on the windshield. Cybersecurity researchers discovered that several car brands were exposed to remote hacker attacks due to a vulnerability in a connected vehicle service provided by Sirius XM.