Two researchers disclosed this week that a bug in a popular internet-connected vehicle management system could give hackers enough access to track a vehicle’s location, collect user information, and even cut out the engine.
The system, developed by a telematics company called Calamp, is said to be used in a good portion of modern vehicles which owners may not even be aware of. One such app called Viper SmartStart, which allows users to locate, start, and control their car from their phone, uses a Calamp modem to connect to its cloud-based servers
The researchers also said that they were able to access usernames, passwords, vehicle history reports, alarm sounding histories, and payment charts.
Calamp announced that it had patched the flaw immediately after being notified by the researchers.