BBC.com has published an article in which it reports alleged: “serious errors threatening up to 3 million cars”. The claims made in this article are out of context and are not based on truth in order to create a sensation and damage the good name.
According to the information in the articles, the server solution has been broken by changing the vehicle identifier while sending a password change request in the demo account.
According to information confirmed directly by Pandora’s IT department in the manufacturing plant, the system entered the system after 9 days of intense attack requiring the highest level of expertise.
However, among other details, the “attack” was necessary to know the email address that the user uses to communicate with the system. This information is not published anywhere and its abuse was unrealistic even at the time of the attack. Although this kind of misuse and subsequent password change is almost impossible, Pandora immediately resolved the issue upon receipt of the attack and the “error” was removed within 24 hours of receiving the information.
The original articles also included a number of misleading information regarding the ability to control the vehicle remotely while driving, deactivating the system while driving and so on. These claims are unfounded by the fictions that conflict with the basic function of Pandora systems.
In the event of a user account being misused, vehicle location (if equipped with GPS), vehicle unlock (if enabled during installation) and remote start (if installed) are possible. It is by no means possible to leave the vehicle thanks to the multi-element protection of Pandora, which uses identification tags provided by state-of-the-art 128bit AES encryption.
The function of system control and unlocking of the vehicle by the application is an optional feature, and if the customer does not wish to control the system or unlock the vehicle by means of a mobile application, this function can be completely disabled.
You can read the complete analysis of all claims HERE.