Submitted via IRC for SoyCow4408
A Dutch cyber-security firm has discovered that in-vehicle infotainment (IVI) systems deployed with some car models from the Volkswagen Group are vulnerable to remote hacking. Daan Keuper and Thijs Alkemade, security researchers with Computest, said they successfully tested their findings and exploit chains on Volkswagen Golf GTE and Audi A3 Sportback e-tron models (Audi is a brand part of the Volkswagen Group).
The two researchers said used a car's WiFi connection to exploit an exposed port and gain access to the car's IVI, manufactured by electronics vendor Harman. Researchers also gained access to the IVI system's root account, which they say allowed them access to other car data.
"Under certain conditions attackers could listen in to conversations the driver is conducting via a car kit, turn the microphone on and off, as well as gaining access to the complete address book and the conversation history," Computest researchers said. "Furthermore, due to the vulnerability, there is the possibility of discovering through the navigation system precisely where the driver has been, and to follow the car live wherever it is at any given time," researchers added.
Original Paper: The Connected Car Ways to get unauthorized access and potential implications
(Score: 0) by Anonymous Coward on Wednesday May 02 2018, @02:37PM (1 child)
> Beginning the "start engine" sequence without applying the brake first? Insane!
If it's in Park or Neutral, then this is far from insane. On my older car I turn the key to start the engine and as long as it's in Park or Neutral it starts right up. Another older car has manual transmission and this has a clutch interlock--clutch pedal must be pushed before the starter runs (but no brake application required).
I agree that digital odometers are a nuisance if they can't be read with the car turned off. I have vague memories of one that used a reflective LCD, this could be read (faintly) without the backlight (car turned off), when ambient lighting conditions were correct.
(Score: 3, Insightful) by Justin Case on Wednesday May 02 2018, @03:22PM
But how do you know it's in Park or Neutral?
I mean sure, you pushed the lever, and the pretty light came on, so you think it is probably in park, but you are no longer in control of the car, the computers are. And it will do as it decides which totally may or may not be what you commanded or even expected due to a confusing user interface.
"But software never malfunctions!"
Please refresh your memory regarding the topic of the present discussion.