05
Dec
Curry also discussed another flaw that affects Hyundai and Genesis vehicles manufactured after 2012. The vulnerability could be used to remotely control locks, engines, headlights, and trunks by using the registered email addresses. “By adding a CRLF character at the end of an already existing victim email address during registration, we could create an account that bypassed the JWT and email parameter comparison check,” stated Curry. However, since then, SiriusXM and Hyundai have released patches to fix the vulnerabilities.
https://thehackernews.com/2022/12/siriusxm-vulnerability-lets-hackers.html
