{"id":13049,"date":"2025-08-12T08:43:13","date_gmt":"2025-08-12T15:43:13","guid":{"rendered":"https:\/\/jasonsblog.ddns.net\/?p=13049"},"modified":"2025-08-12T09:43:38","modified_gmt":"2025-08-12T16:43:38","slug":"security-expert-reveals-hacker-could-remote-control-cars-through-major-automakers-dealership-portal","status":"publish","type":"post","link":"https:\/\/jasonsblog.ddns.net\/index.php\/2025\/08\/12\/security-expert-reveals-hacker-could-remote-control-cars-through-major-automakers-dealership-portal\/","title":{"rendered":"Security Expert Reveals Hacker Could Remote Control Cars Through Major Automaker’s ‘Dealership Portal’"},"content":{"rendered":"\n

These modern connected cars are worse spying devices than smartphones<\/a>, and car manufacturers and their developers are not proficient enough with security. And if you remove the sim or disable the connection leading to not implementing firmware updates, they’ll void your warranty<\/a>. Everything is being turned into a sneaky data collection device so the OCGFC, Owners and Controllers of Global Financialized Capital, can form extremely detailed profiles on you to profit from now through their data brokers, but eventually lock you into a digital Panopticon where you’ll be imprisoned and possibly killed if you’re not deemed useful. Just look at what they got away with during the COVID scamdemic with experimental mRNA gene therapies killing a maiming, and now profiting off people by giving them Gila monster venom based pharmaceuticals<\/a>. With digital ID and vaccine passports brought on by a future scamdemic, you won’t be able to escape whatever pharmaceuticals they want to give you, probably with hot lots of death, and they’re even working on delivering pharmaceuticals through aerosols, self-spreading vaccines, mosquitos…<\/p>\n\n\n\n

https:\/\/www.zerohedge.com\/technology\/security-expert-reveals-hacker-could-remote-control-cars-through-major-automakers<\/a><\/p>\n\n\n

<\/div><\/div><\/div>\n\n\n

By Tyler Durden<\/p>\n\n\n\n

In a shocking cyber security incident that should terrify every American, a top security researcher has revealed how he gained “unfettered access” to a major carmaker’s dealership portal<\/strong> – potentially allowing hackers to remotely hijack any customer vehicle from anywhere in the world.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Eaton Zveare, a security researcher at software delivery company Harness, made the alarming disclosure to TechCrunch, explaining how the devastating flaw could have enabled cybercriminals to access victims’ personal and financial data, track their vehicles in real-time, and even seize complete control of vehicle<\/strong>s from any location globally.<\/p>\n\n\n\n

While Zveare refused to name the vulnerable automaker, he confirmed it’s a popular car company operating multiple brands under its corporate umbrella, meaning millions of Americans could have been at risk.<\/p>\n\n\n\n

TechCrunch<\/a> reports:<\/p>\n\n\n\n

\n

Zveare, who has found bugs in carmakers\u2019 customer systems<\/a> and vehicle management systems<\/a> before, found the flaw earlier this year as part of a weekend project, he told TechCrunch.<\/em><\/p>\n\n\n\n

He said while the security flaws in the portal\u2019s login system was a challenge to find, once he found it, the bugs let him bypass the login mechanism altogether <\/strong>by permitting him to create a new \u201cnational admin\u201d account.<\/em><\/p>\n\n\n\n

The flaws were problematic because the buggy code loaded in the user\u2019s browser when opening the portal\u2019s login page<\/strong>, allowing the user \u2014 in this case, Zveare \u2014 to modify the code to bypass the login security checks.<\/em><\/p>\n<\/blockquote>\n\n\n\n

No one even knows that you’re just silently looking at all of these dealers’ data, all their financials, all their private stuff, all their leads<\/strong>,” Zveare told the news outlet in his explosive interview.<\/p>\n\n\n\n

The researcher demonstrated the hack’s terrifying potential, explaining: “For my purposes, I just got a friend who consented to me taking over their car, and I ran with that. But [the portal] could basically do that to anyone just by knowing their name \u2014 which kind-of freaks me out a bit \u2014 or I could just look up a car in the parking lots.”<\/p>\n\n\n\n

They’re just security nightmares waiting to happen<\/strong>,” he added, highlighting the industry-wide vulnerabilities that could leave American families exposed to cyber attacks.<\/p>\n\n\n\n

Fortunately, the carmaker acted swiftly after being notified, with Zveare confirming that the critical vulnerabilities were patched within one week in February 2025.<\/p>\n\n\n\n

“The takeaway is that only two simple API vulnerabilities blasted the doors open, and it’s always related to authentication,” said Zveare. “If you’re going to get those wrong, then everything just falls down.”<\/p>\n\n\n\n

The revelation underscores the growing threat of cyber warfare targeting America’s critical infrastructure, raising serious questions about whether our automotive industry is doing enough to protect Americans from hackers.<\/p>\n","protected":false},"excerpt":{"rendered":"

These modern connected cars are worse spying devices than smartphones, and car manufacturers and their developers are not proficient enough with security. And if you remove the sim or disable the connection leading to not implementing firmware updates, they’ll void your warranty. Everything is being turned into a sneaky data collection device so the OCGFC, […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,7],"tags":[],"class_list":["post-13049","post","type-post","status-publish","format-standard","hentry","category-tech","category-world"],"blocksy_meta":[],"featured_image_src":null,"author_info":{"display_name":"Jason","author_link":"https:\/\/jasonsblog.ddns.net\/index.php\/author\/jturning\/"},"_links":{"self":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/13049","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/comments?post=13049"}],"version-history":[{"count":3,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/13049\/revisions"}],"predecessor-version":[{"id":13060,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/13049\/revisions\/13060"}],"wp:attachment":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/media?parent=13049"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/categories?post=13049"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/tags?post=13049"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}