ICYMI from Def Con: Security researcher Eaton Zveare found bugs in a carmaker's centralized dealer web portal's login flow that allowed "unfettered access" to customer data and systems inside. The portal allowed the remote controlling of some car functions, like door unlocking.

Zveare said the bugs, now fixed, highlight the risks of these web-connected data portals that contain gobs of customers' data.

https://techcrunch.com/2025/08/10/security-flaws-in-a-carmakers-web-portal-let-one-hacker-remotely-unlock-cars-from-anywhere/

Security flaws in a carmaker's web portal let one hacker remotely unlock cars from anywhere | TechCrunch

Security researcher Eaton Zveare told TechCrunch that the flaws he discovered in the carmaker's centralized dealer portal exposed vast access to customer and vehicle data. With this access, Zveare said he could remotely take over a customer's account and unlock their cars, and more.

@zackwhittaker my guess: General Motors
@zackwhittaker Cars should not be IoT devices. 😑
@zackwhittaker Car makers won't do anything about it unless it risks lives, or they are about to get sued.

@zackwhittaker Also points to the security of a dumb car that 'just works' with a metal key.