VW and Audi Cars Hacked Remotely

Tue, May 1, 2018

It is happening. The stupidity of the car manufacturers making IoT devices out of cars is showing itself more and more. Concerns over companies creating remote pathways into their vehicles electronics and drive systems has long been criticized by security professionals and it looks like, of course, they were right. A dutch cyber security firm apparently hacked a VW Golf GTE and Audi A3 Sportback via WiFi and also via USB.

They gained access to In-Vehicle Infotainment (IVI) systems root account and

Under certain conditions attackers could listen in to conversations the driver is conducting via a car kit, turn the microphone on and off, as well as gaining access to the complete address book and the conversation history

Oh, nice! But wait, there is more

Furthermore, due to the vulnerability, there is the possibility of discovering through the navigation system precisely where the driver has been, and to follow the car live wherever it is at any given time

It gets better and better but at least they were not able to control the cars automotive function…

Keuper and Alkemade say the IVI system is also indirectly connected to the car’s acceleration and braking system, but they stopped investigating the possibility of interacting with those systems fearing they might breach Volkswagen’s intellectual property