Automakers have taken to integrating some rather fancy in-dash infotainment systems over the years, some of which can even work with your phone to access apps and media on the go. These displays are supposed to be firewalled from the rest of the car. But security researchers say that some Volkswagen vehicles have infotainment systems that provide access both to personal data and maybe even automobile functions via a remote hack.
Most of the attack fits into the “annoying but survivable” category. Computest researchers Daan Keuper and Thijs Alkemade found a bug in VW vehicles running the Discover Pro infotainment systems, specifically the Golf GTE and Audi A3 e-tron. The vulnerability lies in the head units, which are manufactured by Harman. A port was left exposed that allows remote access to the system over Wi-Fi. When you’re in, there’s almost nothing stopping you from controlling the infotainment system.
According to the researchers, they can control the speakers, change what’s on the display, and turn the system on and off. It’s even possible to turn on the microphone and eavesdrop on the driver and passengers. The system, which is based on a Nvidia Tegra 2 SoC and running QNX, also handles decoding tasks and the car’s radio. So, those are fair game, too. You could be driving along, and suddenly your car starts blasting “Never Gonna Give You Up.”
At first, the researchers thought they only had read access to the car’s storage, but it turns out they could write files as well. That opens up a whole new world of code execution attacks. Keuper and Alkemade believe it would be possible to send commands through the RCC (car control unit) to bypass the firewall between infotainment and car functionality. However, that would require them to physically compromise a security chip protected by intellectual property. That would probably be illegal, so they discontinued their investigation at that point.
Keuper and Alkemade alerted Volkswagen to the vulnerability last summer, and the car maker recently confirmed the findings. Volkswagen says it’s created a patched version of the infotainment system software, which is loaded on new vehicles. However, there’s no way to patch cars remotely that are already running the hackable version. Owners will have to go to dealerships to have the new software installed. Security updates on a car aren’t exactly a high priority, so it’s unlikely most service centers will even realize there’s a remote hack for the affected vehicles.
Microsoft Pulls Spectre, Meltdown Patches for Older AMD Systems
Microsoft has halted the distribution of patches for Spectre, Meltdown on some AMD systems due to problems with BSODs and bricked systems.
NASA’s IMAGE Satellite Still Has Functional Power, Electronics Systems
NASA has fresh news about its IMAGE satellite, but there are still a lot of questions about why the hardware failed the way it did — or why it's operational again.
Researchers Develop a File System for DNA-Based Storage
Research from Microsoft Research and the University of Washington may have cracked the code to make DNA a viable storage medium.
Intel Launches New Optane 800P M.2 SSDs for Consumer Systems
Intel has finally brought Optane technology to the consumer market, with 58GB and 118GB drives. Performance is excellent, but pricing is a concern.