Some Volkswagen Vehicles Have Remotely Hackable Infotainment Systems

Some Volkswagen Vehicles Have Remotely Hackable Infotainment Systems

Automakers have taken to integrating some rather fancy in-dash infotainment systems over the years, some of which can even work with your phone to access apps and media on the go. These displays are supposed to be firewalled from the rest of the car. But security researchers say that some Volkswagen vehicles have infotainment systems that provide access both to personal data and maybe even automobile functions via a remote hack.

Most of the attack fits into the “annoying but survivable” category. Computest researchers Daan Keuper and Thijs Alkemade found a bug in VW vehicles running the Discover Pro infotainment systems, specifically the Golf GTE and Audi A3 e-tron. The vulnerability lies in the head units, which are manufactured by Harman. A port was left exposed that allows remote access to the system over Wi-Fi. When you’re in, there’s almost nothing stopping you from controlling the infotainment system.

According to the researchers, they can control the speakers, change what’s on the display, and turn the system on and off. It’s even possible to turn on the microphone and eavesdrop on the driver and passengers. The system, which is based on a Nvidia Tegra 2 SoC and running QNX, also handles decoding tasks and the car’s radio. So, those are fair game, too. You could be driving along, and suddenly your car starts blasting “Never Gonna Give You Up.”

Some Volkswagen Vehicles Have Remotely Hackable Infotainment Systems

At first, the researchers thought they only had read access to the car’s storage, but it turns out they could write files as well. That opens up a whole new world of code execution attacks. Keuper and Alkemade believe it would be possible to send commands through the RCC (car control unit) to bypass the firewall between infotainment and car functionality. However, that would require them to physically compromise a security chip protected by intellectual property. That would probably be illegal, so they discontinued their investigation at that point.

Keuper and Alkemade alerted Volkswagen to the vulnerability last summer, and the car maker recently confirmed the findings. Volkswagen says it’s created a patched version of the infotainment system software, which is loaded on new vehicles. However, there’s no way to patch cars remotely that are already running the hackable version. Owners will have to go to dealerships to have the new software installed. Security updates on a car aren’t exactly a high priority, so it’s unlikely most service centers will even realize there’s a remote hack for the affected vehicles.

Continue reading

NASA Created a Collection of Spooky Space Sounds for Halloween
NASA Created a Collection of Spooky Space Sounds for Halloween

NASA's latest data release turns signals from beyond Earth into spooky sounds that are sure to send a chill up your spine.

How to Build a Face Mask Detector With a Jetson Nano 2GB and AlwaysAI
How to Build a Face Mask Detector With a Jetson Nano 2GB and AlwaysAI

Nvidia continues to make AI at the edge more affordable and easier to deploy. So instead of simply running through the benchmarks to review the new Jetson Nano 2GB, I decided to tackle the DIY project of building my own face mask detector.

Sony’s PlayStation 5 Debuts to Strong Reviews
Sony’s PlayStation 5 Debuts to Strong Reviews

Reviews have come in for Sony's PlayStation 5, and while they're a bit preliminary for the same reason as the Xbox Series X, they're broadly positive about Sony's latest gaming effort.

PC Sales Soared in Q1 Amid Pandemic-Driven Demand
PC Sales Soared in Q1 Amid Pandemic-Driven Demand

The PC market boomed in Q1 2021. The semiconductor shortage is biting the entire planet, but OEMs are shipping a lot of systems.