Skoda Superb Iii Owners Data Exposed: 12 Critical Security Flaws Put Vehicles At Risk

Cybersecurity Firm PCAutomotive Exposes 12 Critical Security Flaws in Skoda Superb III Infotainment Systems, Leaving Owners’ Personal Data at Risk.

Researchers have identified a total of 12 security flaws in the MIB3 infotainment unit of Skoda’s Superb III sedans. These vulnerabilities can be exploited to track vehicles remotely, inject malware, access sensitive owner information, and even obtain live GPS coordinates and speed data. According to Danila Parnishchev, head of security assessment at PCAutomotive, an attacker would need to connect with the infotainment system via Bluetooth to initiate an attack from a distance of 10 meters without authentication.

The identified vulnerabilities allow attackers to perform unrestricted code execution and run malicious code every time the infotainment unit starts. This enables them to obtain live GPS coordinates, speed data, and even record conversations via the in-car microphone. Furthermore, an attacker could take screenshots of the infotainment display or play arbitrary sounds in the vehicle.

What’s more alarming is that these vulnerabilities also allow hackers to exfiltrate a vehicle owner’s phone contact database if contact synchronization with their car is enabled. “Usually phones are encrypted, so you cannot easily extract the contact database,” Parnishchev notes. “In the case of the infotainment unit, you can — the contact database is stored in plaintext.”

Volkswagen, Skoda’s parent company, has acknowledged and addressed the vulnerabilities through its cybersecurity disclosure program. According to Tom Drechsler, a spokesperson for Skoda, “The reported vulnerabilities in the infotainment system have been and are being addressed and eliminated through continuous improvement management via the lifecycle of our products.” However, concerns about potential risks to owner data remain.

The discovery highlights the importance of robust vehicle cybersecurity measures. With an estimated 1.4 million vulnerable vehicles on the road, PCAutomotive’s findings underscore the need for immediate attention from manufacturers and owners alike. The potential consequences of these vulnerabilities are far-reaching, affecting not only vehicle owners but also their personal safety and well-being.