In what may be one of the worst examples of cybersecurity, Hyundai is being called out for using example encryption keys for its security.
Encryption keys are critical components of modern cryptography. The key used to decrypt sensitive information is supposed to be carefully and closely guarded.
According to The Register, Hyundai’s programmers seemed to have missed the memo and instead used cryptographic keys found in publicly available programming tutorials.
A developer, going by the handle “greenluigi1,” discovered he could overwrite Hyundai’s infotainment system with his own software thanks to Hyundai using publicly available crypto keys. Once he discovered them, it was a relatively simple matter trick the system into accepting his software as a valid update.
The entire situation is a case study in bad programming, not to mention the danger drivers can be exposed to as a result. If a vehicle’s computer system is compromised, there’s no limit to the dangerous scenarios that can result if key parts of the vehicle’s software are replaced with malicious elements.
As manufacturers create vehicles that are increasingly connected to the rest of the world, they’re going to have to do a much better job securing those vehicles — or Hyundai will need to, at the very least.