IVI Systems in Volkswagen, Audi Vulnerable to Remote Hacking

Volkswagen has been found prone to car-hacking vulnerabilities, a detailed Computest report recently revealed. Researchers unearthed that the IVI systems (In-Vehicle Infotainment) in some Volkswagen models are vulnerable to remote hacking. These vulnerabilities could also lead to the compromise of other critical car systems.

Technical Details about the Research

More particularly, researchers Thijs Alkemade and Daan Keuper discovered the vulnerability in Golf GTE Volkswagen and the Audi3 Sportback e-tron. The flaw could allow hackers to take control over critical functions in some cases. The functions include turning the car’s microphone on and off, enlisting the microphone to listen to the driver’s conversations, and obtaining access to the conversation history and the address book of the automobile. On top of that, the researchers said that attackers could also track the car via its navigation system.

An increasing number of cars feature an internet connection, and some cars even have two cellular connections at once, the researchers wrote. This connection can for example be used by the IVI system to obtain information, such as maps data, or to offer functionalities like an internet browser or a Wi-Fi hotspot or to give owners the ability to control some features via a mobile app.

For their report, the researchers specifically focused on attack vectors that could be triggered via the internet and without user interaction. The goal that inspired the research was to see whether the driving behavior or other critical safety components in the car could be influenced. In other words, the researchers wanted to gain access to the high-speed CAN bus, which connects components like the brakes, steering wheel and the engine.

The research started with a Volkswagen Golf GTE, from 2015, with the Car-Net app:

This car has a (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum authored by Milena Dimitrova. Read the original post at: https://sensorstechforum.com/ivi-systems-volkswagen-audi-vulnerable/