Hyundai Patches Vulnerabilities in Blue Link Application

Automobile manufacturer, Hyundai, patched security vulnerabilities in versions 3.9.4 and 3.9.5 of Blue Link, a mobile application that allows vehicle owners to remotely start, lock, and unlock their vehicles as well as monitor maintenance requirements. The vulnerabilities within the application exposed sensitive information that could potentially allow unauthorized parties to track, unlock, and start Hyundai vehicles if the owner’s mobile device is connected to a compromised WiFi network. The vulnerabilities, CVE-2017-6052 and CVE-2017-6054, were discovered by Rapid7 security researchers in February and were fixed in the Blue Link v3.9.6 update released on March 6th and March 8th for Android and iOS, respectively. The NJCCIC recommends all users review Rapid7’s security advisory and update to Blue Link v3.9.6 as soon as possible.