On August 10, 2025 at DEF CON 33 in Las Vegas, I presented what could possibly be the biggest vulnerability I may ever discover in the automotive industry. Read and watch how I managed to take over a top automaker’s entire dealer ecosystem.

Industrial generator smart platform had insecure APIs that could enable remote control by anyone.

Hardcoded credentials, pointless encryption, and generous APIs exposed details of every employee and made it possible to break into internal websites.

A series of API flaws in McDelivery India made it possible to order food for a penny, hijack other people’s delivery orders, view user information, and more.

(ASPEN) APIs are crucial for web apps but pose security risks. I uncovered a critical flaw in Honeywell’s BEDQ system, highlighting the need for strong API security.