Some Volkswagen Vehicles Have Remotely Hackable Infotainment Systems

Some Volkswagen Vehicles Have Remotely Hackable Infotainment Systems

Automakers have taken to integrating some rather fancy in-dash infotainment systems over the years, some of which can even work with your phone to access apps and media on the go. These displays are supposed to be firewalled from the rest of the car. But security researchers say that some Volkswagen vehicles have infotainment systems that provide access both to personal data and maybe even automobile functions via a remote hack.

Most of the attack fits into the “annoying but survivable” category. Computest researchers Daan Keuper and Thijs Alkemade found a bug in VW vehicles running the Discover Pro infotainment systems, specifically the Golf GTE and Audi A3 e-tron. The vulnerability lies in the head units, which are manufactured by Harman. A port was left exposed that allows remote access to the system over Wi-Fi. When you’re in, there’s almost nothing stopping you from controlling the infotainment system.

According to the researchers, they can control the speakers, change what’s on the display, and turn the system on and off. It’s even possible to turn on the microphone and eavesdrop on the driver and passengers. The system, which is based on a Nvidia Tegra 2 SoC and running QNX, also handles decoding tasks and the car’s radio. So, those are fair game, too. You could be driving along, and suddenly your car starts blasting “Never Gonna Give You Up.”

Some Volkswagen Vehicles Have Remotely Hackable Infotainment Systems

At first, the researchers thought they only had read access to the car’s storage, but it turns out they could write files as well. That opens up a whole new world of code execution attacks. Keuper and Alkemade believe it would be possible to send commands through the RCC (car control unit) to bypass the firewall between infotainment and car functionality. However, that would require them to physically compromise a security chip protected by intellectual property. That would probably be illegal, so they discontinued their investigation at that point.

Keuper and Alkemade alerted Volkswagen to the vulnerability last summer, and the car maker recently confirmed the findings. Volkswagen says it’s created a patched version of the infotainment system software, which is loaded on new vehicles. However, there’s no way to patch cars remotely that are already running the hackable version. Owners will have to go to dealerships to have the new software installed. Security updates on a car aren’t exactly a high priority, so it’s unlikely most service centers will even realize there’s a remote hack for the affected vehicles.

Continue reading

Chromebooks Gain Market Share as Education Goes Online
Chromebooks Gain Market Share as Education Goes Online

Chromebook sales have exploded in the pandemic, with sales up 90 percent and future growth expected. This poses some challenges to companies like Microsoft.

SpaceX Launches ‘Better Than Nothing’ Starlink Beta
SpaceX Launches ‘Better Than Nothing’ Starlink Beta

Those lucky few who have gotten invitations to try the service will have to pay a hefty up-front cost, and the speeds aren't amazing. Still, it's a new generation of satellite internet.

Samsung, Stanford Built a 10,000 PPI Display That Could Revolutionize VR, AR
Samsung, Stanford Built a 10,000 PPI Display That Could Revolutionize VR, AR

Ask anyone who has spent more than a few minutes inside a VR headset, and they'll mention the screen door effect. This could eliminate it for good.

NASA Created a Collection of Spooky Space Sounds for Halloween
NASA Created a Collection of Spooky Space Sounds for Halloween

NASA's latest data release turns signals from beyond Earth into spooky sounds that are sure to send a chill up your spine.