Own a car from this brand? Hackers could be tracking your location right now

Updated on 13-Dec-2024
HIGHLIGHTS

If you drive a Skoda, you might want to pay attention to this.

Researchers have found serious security flaws in the infotainment systems of some of its cars.

These vulnerabilities can allow cybercriminals to track your location and access personal data.

If you drive a Skoda, you might want to pay attention to this: researchers have found serious security flaws in the infotainment systems of some of its cars, leaving them vulnerable to hackers. These vulnerabilities can allow cybercriminals to track your location, access personal data, and even take control of certain car functions remotely.

At Black Hat Europe this week, PCAutomotive, a cybersecurity firm specialising in automotive security, revealed 12 new vulnerabilities affecting the Skoda Superb III sedan’s infotainment system.

This is the second year in a row that security flaws have been discovered in the same model, after nine other vulnerabilities were found last year. Skoda, owned by Volkswagen, uses the MIB3 infotainment unit, which is also found in several other models across both brands.

Also read: Researchers warn: Hackers can exploit 5G baseband flaws to spy on cell phone users

Danila Parnishchev, head of security assessment at PCAutomotive, explained to TechCrunch that these vulnerabilities could be chained together, allowing hackers to inject malware into the car’s system. The attack can be carried out remotely, with hackers needing only to connect to the vehicle’s media unit via Bluetooth, and they can do this from up to 10 meters away without needing any authentication.

Once inside, the attacker could gain full access to the vehicle’s systems. They could track the car’s GPS coordinates, record conversations using the in-car microphone, take screenshots of the infotainment display, and even play sounds inside the car. 

Additionally, if the car owner has synced their phone’s contact list with the vehicle, the hacker could steal the contact database. Although the vulnerabilities don’t allow hackers to access critical vehicle controls like the steering wheel or brakes, the potential for privacy breaches is alarming.

Also read: Data of 375 million Airtel India users allegedly put on sale on Dark Web, telco denies report

Parnishchev also pointed out that there could be even more vulnerable vehicles out there, as many MIB3 units are sold as aftermarket parts, and previous owners might not have wiped their data.

While Volkswagen has since patched the vulnerabilities, it’s a reminder of how connected our cars have become—and how easily they can be compromised.

In a statement to TechCrunch, Skoda spokesperson Tom Drechsler said: “The reported vulnerabilities in the infotainment system have been and are being addressed and eliminated through continuous improvement management via the lifecycle of our products. At no time was and is there any danger to the safety of our customers or our vehicles.”

Ayushi Jain

Tech news writer by day, BGMI player by night. Combining my passion for tech and gaming to bring you the latest in both worlds.

Connect On :