Researchers from PCA CyberSecurity have discovered a critical vulnerability in the computer systems of Mercedes-Benz, Volkswagen and Skoda cars. This "backdoor" allows the vehicles to be hacked "with one click", PCWorld reports. The vulnerability affects models that use OpenSynergy's BlueSDK system, responsible for the infotainment and control systems in the cars of these brands. Millions of cars are potentially at risk.
What is the threat?
This vulnerability can allow remote code execution, which means the possibility of installing malware. Hackers can also track the location of the car via GPS and even record sound from the microphone using devices connected via Bluetooth. There are reports that other, unspecified brands of cars are also at risk.
Manufacturers' response and risks
According to BleepingComputer, OpenSynergy and its partner automakers have known about the issue for over a year. OpenSynergy has already released a BlueSDK update that eliminates the vulnerability. However, many automakers have not yet updated their vehicle software during this period.
Due to the use of closed software, it is difficult to determine exactly which models have the vulnerable version of BlueSDK. The good news is that in order to carry out the attack, the hacker must be within Bluetooth range, which limits the attack range to about 10 meters from a running car.