Privacy News Volkswagen and Audi Cars Vulnerable to Remote Hacking

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
A Dutch cyber-security firm has discovered that in-vehicle infotainment (IVI) systems deployed with some car models from the Volkswagen Group are vulnerable to remote hacking.

Daan Keuper and Thijs Alkemade, security researchers with Computest, said they successfully tested their findings and exploit chains on Volkswagen Golf GTE and Audi A3 Sportback e-tron models (Audi is a brand part of the Volkswagen Group).

Computest researchers hack VW, Audi via WiFi connection

The two researchers said used a car's WiFi connection to exploit an exposed port and gain access to the car's IVI, manufactured by electronics vendor Harman.

Researchers also gained access to the IVI system's root account, which they say allowed them access to other car data.
...
.... .... .... ....
"Under certain conditions attackers could listen in to conversations the driver is conducting via a car kit, turn the microphone on and off, as well as gaining access to the complete address book and the conversation history," Computest researchers said.

"Furthermore, due to the vulnerability, there is the possibility of discovering through the navigation system precisely where the driver has been, and to follow the car live wherever it is at any given time," researchers added.
Researchers could have done more, but they stopped

Keuper and Alkemade say the IVI system is also indirectly connected to the car's acceleration and braking system, but they stopped investigating the possibility of interacting with those systems fearing they might breach Volkswagen's intellectual property.

All in all, besides the WiFi attack vector that allowed remote access to a car's IVI, researchers also found other flaws that could be exploited via USB debugging ports located under the car dashboard.

Researchers found all these flaws in July 2017, and they reported all the issues to Volkswagen, even participating in meetings with the car maker.
... .... ...
 
F

ForgottenSeer 58943

not a security risk, no one sane would buy a Volkswagen :ROFLMAO:

Gotta agree with this.. There's fields of them rotting all over the USA right now.. :unsure:

victorville-california.jpg
 

CharlieBrown

Level 1
Verified
Mar 21, 2018
17
South Africa certainly seems to like the VW brand. They captured the number one spot in new car sales in 2016 and 51 percent of all government vehicles purchased were VW. They certainly are stolen or carjacked a great deal there.
 
  • Like
Reactions: upnorth

CharlieBrown

Level 1
Verified
Mar 21, 2018
17
Are all those VW products? With regard to the photo it seems all makes are represented in the where all unsold cars go to die category. The sheer numbers are pretty amazing. Interesting too, the number of newer still decent cars (of all makes) in the junk yards, especially in places like the UK.
Where the World's Unsold Cars Go To Die
 
  • Like
Reactions: upnorth

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,456
Volkswagen's diesel graveyard | Pictures | Reuters

VW spokeswoman Jeannine Ginivan said in a statement on Wednesday that the storage facility in Victorville, California, is one of many "to ensure the responsible storage of vehicles that are bought back under the terms of the Volkswagen" diesel settlements. These vehicles are being stored on an interim basis and routinely maintained in a manner to ensure their long-term operability and quality, so that they may be returned to commerce or exported once U.S. regulators approve appropriate emissions modifications.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top