Auto-Hack: New vulnerability in infotainment systems
Three security researchers have demonstrated at the Defcon in Las Vegas that infotainment systems from well-known automarks still have numerous vulnerabilities.
Mickey Shkatov, Jesse Michael, and Oleksandr Bazhaniuk from the Advanced Threat Research team at McAfee have shown at DefCon in a demo called “Driving Down the Rabbit Hole” how vulnerable infotainment systems are still in cars.
According to US-Cert, remote vulnerabilities can be exploited by remote attackers to disable the infotainment system of a vehicle and to influence functional features of the vehicle. The car manufacturers, who are concerned, emphasize that no “critical safety features” can be manipulated.
All telematics modules manufactured by Continental AG using the S-Gold 2 chipset are affected by the gap. It has been installed in various models of BMW from 2009-2010, in Fords, Infinitis and the Nissan Leaf from 2011 to 2015. The manufacturer has already confirmed the safety researchers’ report.
Nissan and Infiniti have communicated to dealers that they should offer their customers a free 2G-TCU deactivation. Customers should turn to their dealers for this, they say. BMW wants to offer its affected customers a service measure. Ford has been running a customer program since 2016 to disable 2G modems.