Grand Theft API
Neiko (Specters) Rivera
SAINTCON 2025 · Day 3 · Main Track 3
In the SAINTCON talk "Grand Theft API," Neiko Rivera, a seasoned bug bounty hunter and former Red Teamer at Rivian Automotive, exposes a series of critical vulnerabilities in the **Application Programming Interfaces (APIs)** of modern vehicles. Rivera details how fundamental security misconfigurations, primarily conflating **authentication** with **authorization**, allowed him and his collaborators to remotely control essential vehicle functions across multiple car manufacturers, including Hyundai, Genesis, Kia, and Nissan. This presentation serves as a stark warning about the nascent state of automotive cybersecurity, particularly concerning the burgeoning ecosystem of connected car services.