Web Hackers vs. The Auto Industry: Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More

Presented at Kernelcon 2023, April 14, 2023, 11:30 a.m. (60 minutes).

In early September, we made it our goal to find as many vulnerabilities in as many car companies as possible. Over the next few months, we were able to remotely start/stop, lock/unlock, flash lights, open trunks, and honk the horns of all smart-enabled Toyota, Nissan, Infiniti, Genesis, Honda, Acura, and Lexus vehicles. We gained intimate access to the internal networks of BMW and Mercedes-Benz, being authorized as fully permissioned SSO users with access to dealer portals, GitHub, Slack, and hundreds of mission-critical applications. We found systemic access control vulnerabilities affecting telematic and fleet-management companies, allowing us to dispatch and track police cars, ambulances, and truckers. Join us as we discuss our findings as web hackers attempting to hack the auto industry!


Presenters:

  • Sam Curry
    Sam Curry is a Staff Security Engineer at Yuga Labs and the founder of Palisade.
