Track, in real time, the location of a certain car. Once you see that it's parked, just head over and unlock it using nothing but your phone. In fact, why wait? Just go to any parking lot, look up the VIN, and unlock it. And if you need a little more fun, just cancel some car shipments, because you're a national admin within the brand's online dealership portal, except that you're actually not. You're a hacker.
Thankfully, Eaton Zveare, who actually acquired for himself the ability to do all that, is not a criminal mastermind. As a security researcher, his job is to try to think like one. Per TechCrunch, he was messing around on "a weekend project" when he discovered the exploit within the brand's portal, which was "two simple API vulnerabilities." (Zveare didn't reveal which brand it was, except to say that it was a famous one with several sub-brands.)
Read Article