Hackers Can Remotely Track Skoda Cars Through Newly Discovered Vulnerabilities

Security researchers have uncovered multiple critical vulnerabilities in the infotainment systems of Skoda cars that could potentially allow malicious actors to remotely track and control various vehicle functions. PCAutomotive, a specialized automotive cybersecurity firm, disclosed 12 new security flaws affecting the latest model of the Skoda Superb III sedan during a presentation at Black Hat Europe.

The vulnerabilities were primarily discovered in the MIB3 infotainment unit, which could be exploited by hackers to inject malware and gain unauthorized access to the vehicle's systems. Danila Parnishchev, head of security assessment at PCAutomotive, revealed that an attacker could exploit these flaws within a 10-meter range using a Bluetooth connection to the car's media unit.

Researchers estimate that potentially over 1.4 million vehicles could be vulnerable to these security gaps, with the actual number potentially being even higher when considering aftermarket components. The discovered vulnerabilities could allow attackers to perform several critical actions, including obtaining real-time GPS coordinates, recording in-car conversations, capturing infotainment display screenshots, and accessing the vehicle owner's phone contact database.

One of the most concerning aspects of these vulnerabilities is the potential for attackers to execute arbitrary code every time the infotainment unit starts. This could provide malicious actors with unprecedented access to the vehicle's electronic systems, albeit with some limitations on controlling critical safety components like steering, brakes, and acceleration.

The security flaws were found in the Skoda Superb III (3V3) 2.0 TDI manufactured in 2022, but researchers suggest that the issues may extend to other Skoda and Volkswagen models using similar infotainment systems. Additionally, researchers identified vulnerabilities in the vehicle's OBD interface that could potentially allow attackers to bypass authentication on the infotainment unit.

Volkswagen, Skoda's parent company, has reportedly addressed the vulnerabilities after they were reported through the company's cybersecurity disclosure program. Skoda spokesperson Tom Drechsler stated that the company is addressing the issues through "continuous improvement management" and assured that there was no immediate danger to customer safety.

This discovery underscores the growing importance of cybersecurity in modern connected vehicles. As automotive technology becomes increasingly sophisticated and interconnected, the potential for cyber threats continues to evolve. The incident serves as a critical reminder for automakers to prioritize robust security measures and for consumers to remain vigilant about the potential risks associated with connected car technologies.

The research highlights the need for ongoing security assessments and proactive vulnerability management in the automotive industry. It also demonstrates the critical role of cybersecurity researchers in identifying and mitigating potential security risks before they can be exploited by malicious actors.

Found this article interesting? Keep visit thesecmaster.com, and our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium, and Instagram and subscribe to receive tips like this. 

You may also like these articles: Here are the 5 most contextually relevant blog posts: