Skoda and Volkswagen car vulnerabilities allow hackers to track users remotely

Researchers have found vulnerabilities in the infotainment systems of some Skoda and Volkswagen cars, which could let hackers track users and access sensitive data remotely. PCAutomotive, an automotive cybersecurity firm, revealed 12 security flaws in the latest Skoda Superb III sedan at Black Hat Europe.

Skoda and Volkswagen car vulnerabilities

The vulnerabilities in the MIB3 infotainment unit could allow hackers to inject malware and access vehicle functions without authorization.

The issue affects the 2022 Skoda Superb III and may extend to other Skoda and Volkswagen models with similar systems, potentially impacting over 1.4 million vehicles.

Hackers Can Remotely Track Users
If exploited, these vulnerabilities could let attackers:

• Track GPS location and speed in real time
• Record conversations via the car’s microphone
• Capture infotainment screen images
• Play sounds in the car
• Access the owner’s phone contacts

Danila Parnishchev from PCAutomotive explained that attackers within 10 meters could exploit these flaws via Bluetooth without authentication.

Researchers also found issues in the OBD interface, allowing attackers to bypass UDS authentication. Alarmingly, one flaw could even shut off the engine at high speed, though this requires physical access to the OBD port.

Volkswagen, Skoda’s parent company, has patched the vulnerabilities after they were reported.

Skoda spokesperson Tom Drechsler assured customers there was no risk to safety and said the company is addressing the issues through ongoing improvements.

This incident highlights the need for stronger cybersecurity as vehicles become more connected, emphasizing the importance of robust security measures and regular audits to protect users.

‍Follow Us on: Twitter, Instagram, Facebook to get the latest security news!