HackRead
Researchers find critical security flaws in popular car models

May 1st, 2018 | Waqas | Security

Modern-day vehicles have become overly digitized in order to offer drivers advanced features. However, being digital does not ensure optimal security, and smart cars are no exception.

Security researchers Daan Keuper and Thijs Alkemade from Computest claim that some of the car models manufactured by Audi and Volkswagen contain a flaw that attackers can easily exploit over the internet. The problem is that Volkswagen doesn’t want to patch the flaw, claiming that the models are not equipped with over-the-air update capability.

For this research [PDF], researchers at the Dutch security firm examined 9 different models. The Volkswagen Golf GTE and Audi A3 were then selected for the research after the researchers acquired permission from the company to analyze the security status of its cars.

It must be noted that the Audi A3 is also manufactured by the Volkswagen Group. In the past, Volkswagen proved to be a hard nut to crack when it came to assessing the security software it installed in its cars; this time around, the company was far more cooperative.


Researchers state that the two CAN (controller area network) buses used in the cars for safety-critical components (e.g. brakes and engine) and non-safety-critical components (e.g. AC, wipers and dashboard) can communicate with each other. This communication is facilitated by a gateway, and it is important because it ensures that features work properly.

Volkswagen decides to NOT patch the security flaw in its vehicles

The communication is filtered through firewalls, but there has recently been a shift in technology, and modern cars now use two different modems for initiating wireless communications. Quite often these lack robust security measures to withstand a variety of attacks, most of which are launched remotely.

Computest researchers wanted to check whether there is a flaw in Volkswagen cars related to the communication between the CAN buses. They identified the Harman-developed IVI (in-vehicle infotainment) system as an easy attack target, and this substantially increased their chances of identifying a flaw.


They discovered a service in the Golf and Audi A3 systems that allowed reading of arbitrary files; this could later lead to a full-fledged remote code execution attack. It must be noted that the payload can only be delivered through a wireless connection. This means the attack scope is limited for now, but in the future, as cars become more digitized, the presence of infected Wi-Fi hotspots would certainly prove to be a big security risk for cars that are updated over-the-air.

Keuper and Alkemade claim that a vast number of vehicles manufactured by Volkswagen use the same system and that this flaw should have been detected during a system security audit; it is surprising that Volkswagen didn’t perform a formal security test.

Since Volkswagen cannot fix the flaw unless the car owner gets it manually patched by an authorized dealer, the researchers chose not to disclose it. Whether the patching process will be conducted for free is not yet clear. Volkswagen also didn’t release a public statement to make sure that customers stay unaware of the flaw.

Researchers urge car manufacturers to properly review the security of components before buying them and installing them in their vehicles. Manufacturers also need to be transparent about the security issues identified in their cars so as to ensure the security of their customers. The same goes for customers: before investing in smart cars, they should make themselves aware of the numerous security risks that the vehicles might pose.


HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
