Viper – known as Clifford in the United Kingdom – and Pandora Car Alarm System, which cater for at least three million customers between them, recently became the topic of interest to researchers from Pen Test Partners.
On Friday, the cybersecurity researchers published their findings into the true security posture of these “smart” alarms and found them falling short of the vendors’ claims.
Not only could compromising the smart alarms result in the vehicle type and owner’s details to be stolen, but the car could be unlocked, the alarm disabled, the vehicle tracked, microphones compromised, and the immobiliser to be hijacked.
Experts Comments below:
Aaron Zander, Head of IT at HackerOne:
“Car manufacturers struggle to build a unified system that has all the information that we, as drivers and consumers want, that is still disconnected and segregated enough to protect against vulnerabilities. This doesn’t just end with cars, but extends to all connected systems from home automation to airplane infotainment systems”
Bill Lummis, Technical Program Manager at HackerOne:
“Nothing is unhackable, it’s only more or less difficult to do. Any time you see a company claiming they have something unhackable, you can immediately assume they lack security sophistication.”