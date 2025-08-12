Threat actors could leverage security issues impacting a major unnamed automaker's online platform used by over 1,000 dealerships across the U.S. to facilitate remote vehicle compromise and personal data exfiltration, according to SecurityWeek.
Aside from enabling the discovery of account registration forms and the creation of a 'national admin account' allowing total platform access, the automaker's platform also has vulnerabilities permitting vehicle ownership transfers to a new account, reported Harness researcher Eaton Zveare at the DEF CON 33 security conference. All car models since 2012 with a standard telematics module could also be remotely located, unlocked, or started by threat actors with a knowledge of their owners' names, said Zveare. Moreover, attackers could also harness the flaws to obtain customer and employee information, including personal details, financial documents, contracts, and automobile tracking details, noted the researcher, who added that the bugs were since addressed by the automaker.
