Some Volkswagen Vehicles Have Remotely Hackable Infotainment Systems
Automakers have taken to integrating some rather fancy in-dash infotainment systems over the years, some of which can even work with your phone to access apps and media on the go. These displays are supposed to be firewalled from the rest of the car. But security researchers say that some Volkswagen vehicles have infotainment systems that provide access to both personal data and maybe even automobile functions via a remote hack.
Most of the attack fits into the “annoying but survivable” category. Computest researchers Daan Keuper and Thijs Alkemade found a bug in VW vehicles running the Discover Pro infotainment systems, specifically the Golf GTE and Audi A3 e-tron. The vulnerability lies in the head units, which are manufactured by Harman. A port was left exposed that allows remote access to the system over Wi-Fi. When you’re in, there’s almost nothing stopping you from controlling the infotainment system.
According to the researchers, they can control the speakers, change what’s on the display, and turn the system on and off. It’s even possible to turn on the microphone and eavesdrop on the driver and passengers. The system, which is based on an Nvidia Tegra 2 SoC and runs QNX, also handles decoding tasks and the car’s radio. So, those are fair game, too. You could be driving along, and suddenly your car starts blasting “Never Gonna Give You Up.”
At first, the researchers thought they only had read access to the car’s storage, but it turns out they could write files as well. That opens up a whole new world of code execution attacks. Keuper and Alkemade believe it would be possible to send commands through the RCC (car control unit) to bypass the firewall between infotainment and car functionality. However, that would require them to physically compromise a security chip protected by intellectual property. That would probably be illegal, so they discontinued their investigation at that point.
Keuper and Alkemade alerted Volkswagen to the vulnerability last summer, and the car maker recently confirmed the findings. Volkswagen says it’s created a patched version of the infotainment system software, which is loaded on new vehicles. However, there’s no way to remotely patch cars that are already running the hackable version. Owners will have to go to dealerships to have the new software installed. Security updates on a car aren’t exactly a high priority, so it’s unlikely most service centers will even realize there’s a remote hack for the affected vehicles.