White hat hackers at Pen Test Partners were able to exploit critical vulnerabilities in popular ‘smart’ car alarm apps and unlock vehicles, listen in on driver conversations and even kill the engine while running.
Researchers were able to access profiles because one simple ‘modify user’ request in the code was not being correctly checked for validation. Cloning of the alarm key fob was possible using the app enabling any smartphone to unlock a car.
Read the article at Forbes.