Skoda Superb III Vulnerabilities Exposed as Cybersecurity Flaws in Infotainment System Impact 1.4 Million Vehicles
In recent years, car makers have introduced various security features so that users can enjoy their ride without worrying about safety and security vulnerabilities. Modern cars are connected to electronic devices and process large quantities of data, which makes protecting them important. Among other automakers, Skoda has been taking cybersecurity seriously for its cars, but a recent report by TechCrunch reveals that a particular Skoda model may have some vulnerabilities.
As per the report, PCAutomotive, a cybersecurity firm, unveiled 12 new security vulnerabilities that impact the latest model of the Skoda Superb III sedan. The organization had earlier disclosed 9 other vulnerabilities affecting the same model. It is said that the vulnerabilities could be chained together and exploited by hackers to inject malware into the vehicle. An attacker would need to connect to the Skoda model’s media unit via Bluetooth to exploit the flaws, and Danila Parnishchev, head of security assessment at PCAutomotive, noted that “the attack can be performed within 10 meters without authentication.”
The flaws in the vehicle’s MIB3 infotainment unit could allow attackers to achieve unrestricted code execution and run malicious code every time the unit starts. This may allow the attacker to obtain live GPS coordinates and speed data, record conversations via an in-car microphone, take screenshots of the infotainment display, and play arbitrary sounds in the car. In addition, the phone contact database can also be hacked if a vehicle owner has enabled contact synchronization with their car.
The research shared by PCAutomotive mentioned that the vulnerable MIB3 units are used in multiple Volkswagen and Skoda models and, based on public sales data, estimated that there are potentially more than 1.4 million vulnerable vehicles out there. PCAutomotive said, however, that Volkswagen patched the vulnerabilities after they were reported through the company’s cybersecurity disclosure program.
Meanwhile, Skoda spokesperson Tom Drechsler said in an email to TechCrunch, “The reported vulnerabilities in the infotainment system have been and are being addressed and eliminated through continuous improvement management via the lifecycle of our products. At no time was and is there any danger to the safety of our customers or our vehicles.”