Hyundai's BlueLink service can be accessed through a smartphone or smart watch — and by hackers until last month's security software update.
Hyundai’s latest attempt to expand its technological appeal could have ended up becoming a costly snafu for owners and the company.
Last December, the South Korean automaker unveiled a new app for its Blue Link system permitting car owners to start their vehicles remotely, a la General Motors and several other automakers. However, Hyundai unwittingly left an opening in the software that left it susceptible to hackers.
The issue, which was resolved in March, allowed potential car thieves to locate vehicles with the new upgrade, unlock and start them, putting them in a position to be stolen, according to Reuters.
“The issue did not have a direct impact on vehicle safety,” said Jim Trainor, a spokesman for Hyundai Motor America. “Hyundai is not aware of any customers being impacted by this potential vulnerability.”
(New legislation attacks cyber security. Click Here for the details.)
Hyundai says it is unaware of any cases where car thieves exploited the issue before the automaker pushed out a fix to Android and iPhone users in early March. Hyundai isn’t alone in this type of problem. GM faced a similar bug in its OnStar vehicle communication system in 2015. It resolved the problem with a patch as well.
The 2017 Hyundai Ioniq Hybrid comes with a free three-year Blue Link subscription.
In fact, GM had a slightly bigger problem. A reporter revealed a problem similar to Hyundai’s and GM quickly moved to resolve the issue. However, it didn’t take.
The same reporter, Samy Kamkar of Wired, went back and discovered that the company’s efforts didn’t work, forcing GM engineers to issue a second update that solved the problem.
Hyundai’s issue is just one more reminder that automakers continue to face problems from outside threats as they increase their reliance on technology to improve the safety and convenience of new vehicles.
(Click Here for details about the fed’s plan for V2V technology.)
The automaker just announced plans during the New York International Auto Show to offer three years of Blue Link at no charge for the 2017 Ioniq hybrid and on all 2018 models, starting with the Sonata, Elantra GT and Santa Fe Sport.
Among the included features are automatic collision notification, a monthly vehicle health report, remote lock and unlock, stolen vehicle recovery assistance, and remote start with climate control. That last function gets an update for 2018 that allows control of the rear defroster and heated side mirrors on the coming
“What’s changed is not just the presence of all that hackable software, but the volume and variety of remote attack surfaces added to more recent vehicles,” said Josh Corman, director of the Atlantic Council’s Cyber Statecraft Initiative, to Reuters.
In 2014, Fiat Chrysler recalled 1.4 million U.S. vehicles after two security researchers demonstrated that they could gain remote control of a Jeep. They actually managed to drive the vehicle into a ditch. Tesla CEO Elon Musk touted his vehicles’ lack of vulnerability and offered $10,000 to anyone who could hack into the vehicle. He wrote the check not long after issuing the challenge.
(Fighting car hacking is becoming big business. To see why, Click Here.)
Hyundai’s problem is not as frightening as the issue that faced Fiat Chrysler as moving vehicles are not vulnerable to attacks using the Blue Link app, and a hacker would have to be near the vehicle of an owner using the mobile app via an insecure WiFi connection, Beardsley noted.