Tens of thousands of cars were left exposed to thieves due to a hardcoded password

The maker of a popular vehicle telematics system has left hardcoded credentials inside its mobile apps, leaving tens of thousands of cars vulnerable to hackers.

Security updates that remove the hardcoded credentials have been made available for both the MyCar Android and iOS apps since mid-February, the security researcher who found this issue told ZDNet today.

Similarly, the hardcoded credentials were also removed on the server-side to prevent any abuse against users who failed to update their apps.