Hardcoded credentials concerns – MyCar mobile apps (8th Apr 2019)

Preface: MyCar add smartphone-controlled geolocation, remote start/stop and lock/unlock capabilities to a vehicle with a compatible remote start unit.

Vulnerability details:
MyCar Controls mobile applications prior to v3.4.24 on iOS and prior to v4.1.2 on Android contains hard-coded admin credentials. For specifics details, please refer to diagram.

Reference:https://kb.cert.org/vuls/id/174715/