Infotainment Devices in Audi and VW Cars Flawed that Hackers could Exploit

Computest a cyber-security company claims that it discovered the infotainment devices in a few VW and Audi motorcars as prone to remote hackers' attacks. Thijs Alkemade and Daan Keuper, the security researchers from Computest uncovered the problem. According to them, the related bug was discovered after examining one Volkswagen Golf GTE as well as Audi A3 Sportback e-tron car models.

The Dutch security company's researchers Alkemade and Keuper uncovered that the security vulnerability within the motorcars' IVI device, better described as MIB (modular infotainment platform) was potentially exploitable by remote attackers.

They further state that when conditions were favorable they were also capable of listening to the vocal interactions of the driver who used a Bluetooth car kit; switch off or on the microphone; as well as reach for the conversation history or contact list. Exploiting the bug would as well let admission into the navigation device for determining the driver's geo-positional location. Slashgear.com posted this online dated May 1, 2018.

It was also found that the infotainment device had an indirect connection with the break and accelerator of the vehicles. Nevertheless according to the researchers, they halted short of examining hacks into the braking and acceleration system in apprehension of infringing upon the VW IP.

The security experts revealed that they managed leveraging a zero-day flaw within the Harman-produced MIB inside the impacted motor vehicle models for gaining admission into the IVI tool through a remote Wi-Fi connection. Subsequently, upon exploiting an open port they were able in accessing the infotainment system's management software. Within their report, the security researchers said they could hijack the MIB IVI device remotely followed with then dispatching random Control Area Network (CAN) messages onto IVI CAN bus. Consequently, they could take over the microphone, speakers, and central screen. Indeed, the access level as this was beyond any attacker's ability, they asserted.

Evidently as of now, the affected vehicles' owners require ensuring they get the software and security updates. Moreover, the manufacturers too should take security steps for tightening the vehicles' security, notably by incorporating intermediate components that would assure both security and quality.

» SPAMfighter News - 5/8/2018