Leading researchers have discovered serious vulnerabilities in the infotainment systems of Skoda and Volkswagen cars.
Cybersecurity experts from PCAutomotive reported 12 new vulnerabilities in the MIB3 system used in the latest Skoda Superb III and other Skoda and Volkswagen models. Among the vulnerabilities are the tracking of GPS coordinates of the car, the recording of conversations through the microphone, access to the phone book of the car owner, and the possibility of turning off the engine while driving. Of particular concern is an attack through a Bluetooth connection, which can be carried out without authentication within a radius of 10 meters.
The vulnerability also affects the OBD interface, which can bypass UDS authentication. After discovering these vulnerabilities, Škoda’s parent company, Volkswagen, issued a corresponding patch. According to the representative of the company, the safety of customers was not affected. As Internet-connected cars evolve, their reliance on complex electronic systems makes cybersecurity critical. The Skoda and Volkswagen incidents remind automakers of the need to regularly audit their systems and strengthen security measures.
Protecting automotive systems from cyber threats should be a priority for all automakers. Consumers should also be aware of the potential risks associated with using connected cars.