Wednesday, May 2, 2018

Volkswagon and Audi cars remotely hackable

This is my shocked face:
A Dutch cyber-security firm has discovered that in-vehicle infotainment (IVI) systems deployed with some car models from the Volkswagen Group are vulnerable to remote hacking. 
Daan Keuper and Thijs Alkemade, security researchers with Computest, said they successfully tested their findings and exploit chains on Volkswagen Golf GTE and Audi A3 Sportback e-tron models (Audi is a brand part of the Volkswagen Group).
The exploit gives the attacker access to the entertainment system, so on the surface this doesn't look catastrophic.  But here's the fine print:
Keuper and Alkemade say the IVI system is also indirectly connected to the car's acceleration and braking system, but they stopped investigating the possibility of interacting with those systems fearing they might breach Volkswagen's intellectual property.
$100 says you could disable the brakes with this while you floored the gas.

But don't worry, I'm sure that this sort of thing will be impossible with self-driving cars.


harp1034 said...

Yeah sure. We don't have to worry. Nobody would hack the system would they? I will never get a self-driving car. Cars with idiot drivers are bad enough.

McChuck said...

Disable the brakes. Floor the accelerator. 20 seconds later, turn left.

What could go wrong?

Jonathan H said...

Issues like this are why we will never completely go to autonomous vehicles; there are too many applications where security or importance will demand people in control - at a minimum, VIP transport, prisoner transport, and armored cars for banks will stay manually driven.