CalAmp Allowed For Remote Hack of Connected Cars

Connected cars are the hottest area in the world of automotive. Securing those vehicles from cyber attacks and remote takeovers should be equally as hot. Two researchers found that in some cars, a number of applications in connected to a particular server and through this server it is possible to exploit a weakness that allows those vehicles to be hijacked. This server is managed by telematics company CalAmp. 

According to the researchers, this server runs a number of popular applications such as Viper SmartStart, which allows users to control certain aspects of the vehicle through a mobile device. Being able to locate, lock and unlock the car, as well as starting the call, can all be done through this application. 

The researchers found that the Viper vehicle application would connect to 2 servers, one of which is Viper’s and the other CalAmp’s. Using credentials from the Viper application, the researchers had complete access to CalAmp’s server. 

“We could do a lot of stuff — pretty much any scenario that we could think of was disastrous, like mass stealing cars or turning off vehicle via panic button when going with a high speed” one researcher stated.

With this vulnerability, criminals could easily locate a vehicle that utilized the company’s system, unlock it, start it, and drive away in their easily stolen car.

CalAmp closed the hole created after the researchers’ inquiry, the company spokesman noted:

“CalAmp takes the matter of IT and data security seriously. Once we received the bug report, our team promptly investigated and developed a patch to address it. We believe that this matter has been resolved without issue.”


Roy Shpitalnik

lived the life of a BlackBerry since 2009 so I was first exposed to 8900. With Israeli cellular world history, training and knowledge for more on BlackBerry, I decided to join the community. When the Media bash BlackBerry on regular basis i decided to Join BerryIL.COM. The true must be published. Contact me on Twitter : @SimpleBerryRoy