Apr 20, 2018

Researchers discover vulnerabilities in the media system of Audi and Volkswagen
Employees of the Dutch security company Computest have discovered vulnerabilities in the infotainment systems of an Audi A3 Sportback e-tron and a Volkswagen Golf GTE, both built in 2015.

Two researchers were able to gain remote access to the car’s system, which could put privacy at risk. For example, the Computest researchers cite the possibility that malicious parties could, in certain situations, listen in on conversations that the driver holds via a car kit.

It also turned out to be possible to switch the microphone on or off and to view the complete address book and call history. The researchers were also able to gain access to the navigation system, making it possible to find out where the driver has been with the car and where the car currently is.

The vulnerability is related to different versions of Harman’s infotainment system, which were installed in the examined Golf and A3. Specifically, this concerns the so-called modular infotainment platform, which can be reached via the glove compartment.

This hardware can be connected to the Internet via Wi-Fi. A simple port scan made several processes visible, among them a service with a vulnerability that could be exploited via a Wi-Fi hotspot. In this way, code could be executed remotely. On the Golf, the vulnerability works only over this Wi-Fi connection, so malicious parties have to be in the vicinity of the car. With the Audi A3, access was also possible via the mobile network, since this model has a built-in SIM card, one of the researchers told the NOS. The researchers could also obtain administrator rights via a USB stick.

The researchers state in their research report that they have not revealed the exact workings of the vulnerability because it cannot be remedied remotely; for that, the car has to go to the garage. The ethical hackers of Computest reported the vulnerability several months ago to Volkswagen Group, the manufacturer of both car models.

The hackers say they could have gone further, because the systems to which they had access are indirectly connected to other systems, probably including the CAN bus, the car's internal communication network, which gives access to the brakes of the car, for example. The director of Computest decided to stop the investigation at this point, fearing that the vulnerability testing would be illegal and would infringe on the intellectual property of the manufacturer.
