Flaw Detected in VW Security

Researchers at Dutch firm Computest have disclosed multiple vulnerabilities in the infotainment system of some Volkswagen and Audi models, allowing them to remotely access the system and commandeer the microphone, navigation system and speakers. Whitehat hackers Daan Keuper and Thijs Alkemade found the flaws in early 2017 after probing Harman-made infotainment systems in a 2015 model VW Golf GTE and an Audi A3 Sportback e-tron. Both vehicles are made by Volkswagen Group, ZDNet reported. Hoping to build on the cellular-based remote Jeep hack in 2015 that prompted a massive recall, the researchers were on the hunt specifically for ways to compromise an Internet-connected car remotely and without user interaction. The researchers found a flaw in the VW’s in-vehicle infotainment (IVI) system that can be remotely exploited if the vehicle connects to an attacker’s WiFi network. Keuper told ZDNet that they subsequently found the vulnerability could be exploited over cellular networks too, allowing for a longer-range attack.