Curry, who works for New York-based Yuga Labs, a blockchain-based software development company, is known in cybersecurity circles for his interest in automobile telematics.
In September 2022, a hacker reached out to Curry to show him how he had breached Uber’s backend systems and compromised the ride-hailing service’s Amazon and Google-hosted cloud environments where the company stores its source code and customer data.
The automakers and SiriusXM said no mishaps resulted from the potential security breach.
“Honda is aware of a reported vulnerability involving SiriusXM connected vehicle services provided to multiple automotive brands, which, according to SiriusXM, was resolved quickly after they learned of it,” Jessica Fini, a Honda spokeswoman, said in a statement. “Honda has seen no indications of any malicious use of this now-resolved vulnerability to access connected vehicle services in Honda or Acura vehicles.”
In a statement, SiriusXM Connected Vehicle Services said that “the issue was resolved within 24 hours after the report was submitted. At no point was any subscriber or other data compromised, nor was any unauthorized account modified using this method.”
Hyundai spokesman Ira Gabriel told Automotive News that the automaker worked with third-party consultants to investigate the vulnerability as soon as Curry and his team brought the security issues to their attention.
“Importantly, other than the Hyundai vehicles and accounts belonging to the researchers themselves, our investigation indicated that no customer vehicles or accounts were accessed by others as a result of the issues raised by the researchers,” Gabriel said.
To hack a Hyundai, Gabriel said one needed the email address associated with the account, along with the VIN and the script, or code, used by the hackers.
Nevertheless, Hyundai implemented countermeasures within days of notification to further enhance the safety and security of its systems, he said.
Curry told Automotive News that he thought automakers could make their smartphone applications more secure through standardization, but they each take separate approaches in developing their applications.
“This is a really complicated issue, but I’d like to think our research helped remedy some of them,” Curry said. “Developing industry standards and standardizing protocols would help.”
