South Korean car manufacturer Hyundai has offered its MyHyundai app for a number of years now, with its Blue Link functionality letting users remotely locate, unlock, and even start their car from both their smartphone and Android Wear-powered watch. Researchers from cyber security firm Rapid7, however, discovered that an early December update to the app expanded those features to not just the car’s owner, but everyone, thanks to a now-patched exploit.
A Hyundai spokesperson claimed that there are no confirmed cases of the bug being exploited in the wild, but in any case the news should still be of concern to users of smart vehicles of any kind. As Reuters points out, this is just yet another in a string of similar cases, such as the 2015 Fiat Chrysler recall following the discovery of a hack enabling third parties to remotely control vehicles.
Blue Link, fortunately, lacks the ability to control a moving car, and the exploit in question also required proximity to a user of the vulnerable app version. Still, as the time passes and almost every IoT gadget inevitably gets hacked, it’s getting ever more apparent that not everything we own should necessarily be smart, particularly so when the object in question costs thousands of dollars.