Some Volkswagen Vehicles Have Remotely Hackable Infotainment Systems

Automakers have taken to integrating some rather fancy in-dash infotainment systems over the years, some of which can even work with your phone to access apps and media on the go. These displays are supposed to be firewalled from the rest of the car. But security researchers say that some Volkswagen vehicles have infotainment systems that provide access both to personal data and maybe even automobile functions via a remote hack.
Most of the attack fits into the “annoying but survivable” category. Computest researchers Daan Keuper and Thijs Alkemade found a bug in VW vehicles running the Discover Pro infotainment system, specifically the Golf GTE and Audi A3 e-tron. The vulnerability lies in the head units, which are manufactured by Harman. A port was left exposed that allows remote access to the system over Wi-Fi. Once you’re in, there’s almost nothing stopping you from controlling the infotainment system.
According to the researchers, they can control the speakers, change what’s on the display, and turn the system on and off. It’s even possible to turn on the microphone and eavesdrop on the driver and passengers. The system, which is based on an Nvidia Tegra 2 SoC and running QNX, also handles decoding tasks and the car’s radio, so those are fair game, too. You could be driving along, and suddenly your car starts blasting “Never Gonna Give You Up.”

At first, the researchers thought they only had read access to the car’s storage, but it turns out they could write files as well. That opens up a whole new world of code execution attacks. Keuper and Alkemade believe it would be possible to send commands through the RCC (car control unit) to bypass the firewall between infotainment and car functionality. However, that would require them to physically compromise a security chip protected by intellectual property. That would probably be illegal, so they discontinued their investigation at that point.
Keuper and Alkemade alerted Volkswagen to the vulnerability last summer, and the car maker recently confirmed the findings. Volkswagen says it’s created a patched version of the infotainment system software, which is loaded on new vehicles. However, there’s no way to remotely patch cars that are already running the hackable version. Owners will have to go to dealerships to have the new software installed. Security updates on a car aren’t exactly a high priority, so it’s unlikely most service centers will even realize there’s a remote hack for the affected vehicles.