Want to start your car remotely because it's cold out and you need to warm it up? There's an app for that.
Want to track your car at all times, maybe because your teenager is borrowing it for the night? There's an app for that.
Want to hack into a car's engine, possibly turning it off from anywhere in the world? There's an app for that.
Vice reports that a hacker was able to gain access to thousands of accounts on two GPS tracking apps, giving him real-time info on where the vehicles were, and even control over the engines. So, is it time to be worried that someone will hack your car?
Easy as 1, 2, 3 ... 4, 5, 6
According to Vice's Motherboard blog, a hacker by the name of L&M was able to log in to almost 30,000 iTrack and ProTrack accounts, mostly because the apps assigned users a default password of, and we're not kidding, "123456":
According to a sample of user data L&M shared with Motherboard, the hacker has scraped a treasure trove of information from ProTrack and iTrack customers, including: name and model of the GPS tracking devices they use, the devices’ unique ID numbers (technically known as an IMEI number); usernames, real names, phone numbers, email addresses, and physical addresses. (According to L&M, he was not able to get all of this information for all users; for some users he was only able to get some of the above information.)
"I can absolutely make a big traffic problem all over the world," L&M told Motherboard. "I have fully [sic] control hundred of thousands of vehicles, and by one touch, I can stop these vehicles engines."
L&M was clear to point out the targets of his hack were the app companies, and not the customers. And the ability to remotely turn off engines is limited (at least by these apps) to vehicles that are stopped or going less than 12 miles per hour. On top of that, hacking these accounts, as simple as it was, is very illegal. Still, how do you keep your car safe?
One option is not using remote tracking and engine control apps in the first place. And, if you do, please change the default password, to maybe something not so easy to guess. Tech makes it easier for us to start and track our cars; but it makes that easier for hackers as well.