. home.aspx



Cars Exposed to Hacker Attacks by Hardcoded Credentials in MyCar Apps

April 10, 2019 / Ionut Arghire

Hardcoded admin credentials found in the MyCar Controls mobile applications could have been exploited to locate and gain physical access to a vehicle. A small aftermarket telematics unit from Montreal, Canada-based AutoMobility, MyCar provides users with a series of smartphone-controlled features for their cars, including geolocation, remote start/stop and lock/unlock capabilities. “The easy-to-use MyCar app interface gives you control to remote start, lock, unlock and locate your vehicle from anywhere just by pushing a button on your smartphone,” the vendor says. Directly from their smartphones, users can pre-warm or pre-cool the car’s cabin, lock and unlock the doors, control the vehicle’s security system, open the trunk, and easily find the car in a parking lot. Both iOS and Android applications are available, and they can be used on vehicles with a compatible remote start unit. Tens of thousands of people are using these applications. Hardcoded admin credent...