Slashdot Mirror
Volkswagen, Audi Cars Vulnerable To Remote Hacking (bleepingcomputer.com)
An anonymous reader writes: "A Dutch cyber-security firm has discovered that in-vehicle infotainment (IVI) systems deployed with some car models from the Volkswagen Group are vulnerable to remote hacking," reports Bleeping Computer. The vulnerabilities have been successfully tested and verified on Volkswagen Golf GTE and Audi A3 Sportback e-tron models. Researchers say they were able to hack the cars via both WiFi (remote vector) and USB (local vector) connections. Researchers hinted they could have also went after the cars' braking and acceleration system, but stopped due to fear of breaking VW's intellectual property on those systems.
"Under certain conditions attackers could listen in to conversations the driver is conducting via a car kit, turn the microphone on and off, as well as gaining access to the complete address book and the conversation history," Computest researchers said in their paper. "Furthermore, due to the vulnerability, there is the possibility of discovering through the navigation system precisely where the driver has been, and to follow the car live wherever it is at any given time," researchers added. VW deployed patches.
"Under certain conditions attackers could listen in to conversations the driver is conducting via a car kit, turn the microphone on and off, as well as gaining access to the complete address book and the conversation history," Computest researchers said in their paper. "Furthermore, due to the vulnerability, there is the possibility of discovering through the navigation system precisely where the driver has been, and to follow the car live wherever it is at any given time," researchers added. VW deployed patches.
"they could have also GONE after", I think you'll find...
Other than a feed of +12V, a signal line from the steering wheel controls, ground, and maybe a data signal from a rear-view camera, why does the "infotainment" system need to talk to the rest of the car at all?
The most pragmatic reason is that wiring harnesses in cars are complex and expensive, and replacing a bunch of point to point wires with a data bus makes the car cheaper and easier to build. And once you have everything connected to a data bus, why not put the UI for many of those items on the thing with the biggest display and most available controls, like the infotainment system.
And my car has lots of settings that you may not think are worthwhile, but that I appreciate. Like to unlock all 4 doors when I touch the door handle, and to fold in the mirrors when I park. Things that may not be everyone's preference, but I like my bells and whistles.
My car has multiple cameras, and when the car is in reverse it shows me the rear view camera - so it needs to know transmission indicators. And it automatically turns off the cameras when I reach a certain forward speed, so it needs to know the speedometer reading. And since it has no physical gauges on the dash, the whole driver display is nothing but an LCD screen, so it needs to know speed, RPM, gas gauge, temperature, cruise control settings, etc.
Maybe not to your taste, but definitely to mine.