Skoda security flaws could let hackers remotely track cars  | amznusa.com


  • Security flaws were found affecting Skoda Superb III cars
  • Over 1.4 million cars could be affected
  • The same model car was found to have similar vulnerabilities last year

Experts have revealed a discovery of 12 new security vulnerabilities affecting the Skoda Superb III sedan, including flaws which could allow a threat actor to access the vehicle’s GPS and speed information, as well as remotely record conversations and access the infotainment screen.

Cybersecurity researchers from PCAutomotive revealed they were able to exploit the vulnerabilities to inject malware into the vehicle without authentication. The security flaws allowed them to to achieve unrestricted code execution and to run malicious code when the unit starts.

In turn, a malicious actor could have taken screenshots of the in-car infotainment screen, or recorded conversations through the microphone – and access live GPS coordinates. This was achieved through a Bluetooth connection with the system, so researchers could not access safety-critical controls like brakes, steering, or accelerators.

Deja Vu

If this sounds a little familiar, that’s because the group who discovered the vulnerabilities, PCAutomative, were also responsible for the discovery of nine other security flaws which affected the same model of car in November 2023 – also affecting the car’s infotainment unit.

The most recent Skoda vulnerabilities could affect over 1.4 million vehicles, and could affect an even higher number of people if their data was not properly erased before they sold their car on to a second-hand buyer.

Although it’s not difficult to imagine how this could be used to exploit victims in a normal setting, it’s even more worrying when you find out that Skoda is a huge supplier for law enforcement vehicles across the globe.

Another manufacturer which supplies police vehicles, Kia, was found earlier this year to have a software flaw that meant hackers could unlock and start any Kia vehicle built after 2013, and could have had similarly wide-reaching consequences.

Via TechCrunch

You might also like

 

This articles is written by : Fady Askharoun Samy Askharoun

All Rights Reserved to Amznusa www.amznusa.com

Why Amznusa?

AMZNUSA is a dynamic website that focuses on three primary categories: Technology, e-commerce and cryptocurrency news. It provides users with the latest updates and insights into online retail trends and the rapidly evolving world of digital currencies, helping visitors stay informed about both markets.