A cybersecurity firm called Computest has found that the infotainment systems inside some Audi and VW cars are vulnerable to remote hacking. The researchers who discovered the issue are Daan Keuper and Thijs Alkemade. The researchers say that they have confirmed these exploits using a VW Golf GTE and an Audi A3 Sportback e-tron model.
According to the duo, the infotainment system in these cars was hacked using the vehicle’s WiFi connection. The hack took advantage of an exposed port and gained access to the infotainment system, which was made by Harman. The researchers obtained access to the system’s root account, which they say gave access to other car data.
According to the researchers, under certain conditions they could listen in on conversations the driver was conducting using the car kit (Bluetooth presumably), turn the microphone on and off, and gain access to the address book and conversation history. The vulnerability could also allow access to the navigation system to figure out where the driver had been.
The infotainment system is also reportedly indirectly connected to the acceleration and braking system of the car. However, the researchers said they stopped testing hacks into that side of the system out of fear of breaching VW IP. Other exploits can be conducted via the USB debugging port under the dash.
The researchers say that the vulnerabilities they found should have been found during a “proper” security test. The duo also says that they had a meeting with VW to talk about their findings and realized that the vulnerability was unknown to the company and that the infotainment system hadn’t undergone a formal security test. VW did work with the team to address the issues found.
SOURCE: Bleeping Computer