Skoda and Volkswagen Cars May Be Susceptible to Hacking Due to Infotainment System Vulnerabilities

Security researchers have found vulnerabilities of low-to-medium criticality in choose Skoda and Volkswagen automobiles that will allow malicious actors to set off sure controls, a cybersecurity agency introduced on the Black Hat Europe 2024 occasion this week. At least 12 new vulnerabilities have been discovered impacting the infotainment methods within the newest mannequin of Skoda Superb III — a D-segment sedan manufactured by the Volkswagen Group which entered manufacturing in 2015. Although menace actors would want to connect with the automobile through Bluetooth to get entry, the assault could also be carried even from a distance.

This builds upon the earlier discovery of 9 safety flaws in the identical automobile that have been reported final 12 months.

Vulnerabilities in Skoda Cars

Cybersecurity agency PCAutomotive printed a report detailing the vulnerabilities found within the third-generation mannequin of Skoda Superb. The German sedan’s MIB3 infotainment system could enable malicious actors unrestricted code execution entry, enabling them to run malicious code upon startup. It is claimed to supply distant entry to the automobile’s methods.

They might be able to monitor its pace and placement in actual time, listen in on the in-car microphone, play sounds, and management its infotainment system. Another flaw could enable them exfiltrate the cellphone contact database if contact synchronisation with the cellphone is enabled. Further, the vulnerabilities might additionally enable entry to the CAN bus which is used to attach with the automobile’s digital management models (ECUs).

Although there are numerous suppliers of the MIB3 infotainment system, the researchers particularly speak concerning the one manufactured by Preh Car Connect Gmbh. It impacts the next fashions:

1. Skoda Superb III
2. Skoda Karoq
3. Skoda Kodiaq
4. VW Areteon
5. VW Tiguan
6. VW Passat
7. VW T-Roc
8. VW T-Cross
9. VW Polo
10. VW Golf

The gross sales information suggests {that a} whole of 1.4 million autos from the Volkswagen Group are in danger. PCAutomotive reported the vulnerabilities to Skoda as a part of its cybersecurity disclosure program. In an announcement given to TechCrunch, Skoda revealed that they’ve been addressed and eradicated. “At no time was and is there any hazard to the protection of our prospects or our autos”, the German automotive firm mentioned.