Skoda Superb and these VAG cars may be susceptible to hacking
Security researchers have discovered low- to medium-criticality vulnerabilities in select Skoda and Volkswagen cars that could allow malicious actors to perform certain checks, a cybersecurity firm announced this week at the Black Hat Europe 2024 event. At least twelve new vulnerabilities have been found affecting the infotainment system in the latest model of the Skoda Superb III, a D-segment sedan manufactured by the Volkswagen Group that went into production in 2015. Although threat actors would have to connect to the vehicle via Bluetooth to gain access, the attack can even be carried out from a distance.
This builds on the previous discovery of nine security flaws in the same vehicle reported last year.
Vulnerabilities in Skoda cars
Cybersecurity company PCAutomotive published a report detailing the vulnerabilities discovered in the third-generation Skoda Superb. The German sedan’s MIB3 infotainment system potentially gives malicious actors unrestricted code execution, allowing them to run malicious code upon boot. This is said to provide remote access to the vehicle’s systems.
Attackers may be able to track speed and location in real time, monitor the car’s microphone, play sounds and control the infotainment system. Another bug may allow them to exfiltrate the phone contacts database if contact sync with the phone is enabled. Furthermore, the vulnerabilities could also allow access to the CAN bus, which connects the vehicle’s electronic control units (ECUs).
Although the MIB3 infotainment system has many suppliers, the researchers are specifically referring to the unit from Preh Car Connect GmbH. The vulnerabilities affect the following models:
- Skoda Superb III
- Skoda Karoq
- Skoda Kodiaq
- VW Arteon
- VW Tiguan
- VW Passat
- VW T-Roc
- VW T-Cross
- VW Polo
- VW Golf
Sales data shows that a total of 1.4 million Volkswagen Group vehicles are at risk. PCAutomotive reported the vulnerabilities to Skoda as part of its cybersecurity disclosure program. In a statement to TechCrunch, Skoda said that the vulnerabilities have been addressed and eliminated. “There was and is at no time any danger to the safety of our customers or our vehicles,” the German car company said.