Latest Threat Research: Technical Analysis: Killer Ultra Malware Targeting EDR Products in Ransomware Attacks

Get Informed

Search

MyCar Mobile App Vulnerabilities

MyCar, an app available on iOS and Android platforms, allows the user of the app to remote start, lock or unlock the vehicle doors, locate their vehicle and arm or disarm the alarm system, has been found to be vulnerable to attackers who attempt to steal the user’s credentials. Admin credentials are hard-coded into the app and allow an attacker to access the user’s personal data, location of the vehicle and to even physically enter the vehicle. The company that developed the app, Automobility Distribution Inc, has provided an update for the system that revokes the admin credentials and reverts to the user’s individual username and password. Several rebranded versions of the MyCar app are MyCar Kia, Carlink, Linkr and Visions MyCar, which have all been included in the latest update.

Analyst Notes

Users should update to MyCar iOS version 3.4.24 or MyCar for Android version 4.1.2 to fix the issue and remove admin controls.