A vulnerability in vehicle authentication allows threat actor with valid client credentials (i.e., a private key and certificate from a rooted infotainment system) to impersonate arbitrary VINs when authenticating to the telemetry server.

The attacker would be able to submit falsified telemetry records for arbitrary VINs.