Skoda security flaws could let hackers remotely track cars

(Image credit: Why Kei, Unsplash)

Security flaws were found affecting Skoda Superb III cars
Over 1.4 million cars could be affected
The same model car was found to have similar vulnerabilities last year

Experts have revealed a discovery of 12 new security vulnerabilities affecting the Skoda Superb III sedan, including flaws which could allow a threat actor to access the vehicle's GPS and speed information, as well as remotely record conversations and access the infotainment screen.

Cybersecurity researchers from PCAutomotive revealed they were able to exploit the vulnerabilities to inject malware into the vehicle without authentication. The security flaws allowed them to to achieve unrestricted code execution and to run malicious code when the unit starts.

In turn, a malicious actor could have taken screenshots of the in-car infotainment screen, or recorded conversations through the microphone - and access live GPS coordinates. This was achieved through a Bluetooth connection with the system, so researchers could not access safety-critical controls like brakes, steering, or accelerators.

Deja Vu

If this sounds a little familiar, that's because the group who discovered the vulnerabilities, PCAutomative, were also responsible for the discovery of nine other security flaws which affected the same model of car in November 2023 - also affecting the car’s infotainment unit.

The most recent Skoda vulnerabilities could affect over 1.4 million vehicles, and could affect an even higher number of people if their data was not properly erased before they sold their car on to a second-hand buyer.

Although it’s not difficult to imagine how this could be used to exploit victims in a normal setting, it's even more worrying when you find out that Skoda is a huge supplier for law enforcement vehicles across the globe.

Another manufacturer which supplies police vehicles, Kia, was found earlier this year to have a software flaw that meant hackers could unlock and start any Kia vehicle built after 2013, and could have had similarly wide-reaching consequences.

Via TechCrunch

Take a look at our pick of the best malware removal software around
Microsoft announces its own Black Hat-like hacking event with big rewards for AI security
Check out our choice of best antivirus software

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.