Preface: MyCar add smartphone-controlled geolocation, remote start/stop and lock/unlock capabilities to a vehicle with a compatible remote start unit.
Vulnerability details:
MyCar Controls mobile applications prior to v3.4.24 on iOS and prior to v4.1.2 on Android contains hard-coded admin credentials. For specifics details, please refer to diagram.
Reference:https://kb.cert.org/vuls/id/174715/