Close Menu
TechBrunchTechBrunch
  • Home
  • AI
  • Apps
  • Crypto
  • Security
  • Startups
  • TechCrunch
  • Venture

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

What's Hot

US and India's VCS had just formed an alliance of over $1 billion to fund deep tech startups in India

September 2, 2025

You can still do it while volunteering in 2025

September 1, 2025

5 days left: The exhibition table is in turmoil in 2025

September 1, 2025
Facebook X (Twitter) Instagram
TechBrunchTechBrunch
  • Home
  • AI

    OpenAI seeks to extend human lifespans with the help of longevity startups

    January 17, 2025

    Farewell to the $200 million woolly mammoth and TikTok

    January 17, 2025

    Nord Security founder launches Nexos.ai to help enterprises move AI projects from pilot to production

    January 17, 2025

    Data proves it remains difficult for startups to raise capital, even though VCs invested $75 billion in the fourth quarter

    January 16, 2025

    Apple suspends AI notification summaries for news after generating false alerts

    January 16, 2025
  • Apps

    5 days left: The exhibition table is in turmoil in 2025

    September 1, 2025

    Tiktok now allows users to send voice memos and images via DMS

    August 29, 2025

    California Uber and Lyft drivers win the path to unionization

    August 29, 2025

    Mississippi's Age Guarantee Act Tests Decentralized Social Networks

    August 28, 2025

    Threads test how to share long format text on the platform

    August 28, 2025
  • Crypto

    Coinbase CEO explains why he fired an engineer who didn't try AI right away

    August 22, 2025

    Your next customer is destroying the 2025 Expo floor

    August 19, 2025

    Crypto Company Gemini File for Winklevoss Twins IPO

    August 16, 2025

    North Korean spies pretending to be remote workers have invaded hundreds of businesses, CloudStrike says

    August 4, 2025

    Telegram's Crypto Wallet will be released in the US

    July 22, 2025
  • Security

    WhatsApp fixes a “zero click” bug used to hack Apple users with spyware

    August 29, 2025

    According to Transunion, hackers say they stole the personal information of 4.4 million customers

    August 28, 2025

    The FBI says that China's salt typhoon has hacked at least 200 US companies

    August 27, 2025

    US sanctions fraud network used by North Korea's “remote IT workers” to steal money for work

    August 27, 2025

    Doge uploads live copies of Social Security databases to “vulnerable” cloud servers, whistleblower says

    August 26, 2025
  • Startups

    7 days left: Founders and VCs save over $300 on all stage passes

    March 24, 2025

    AI chip startup Furiosaai reportedly rejecting $800 million acquisition offer from Meta

    March 24, 2025

    20 Hottest Open Source Startups of 2024

    March 22, 2025

    Andrill may build a weapons factory in the UK

    March 21, 2025

    Startup Weekly: Wiz bets paid off at M&A Rich Week

    March 21, 2025
  • TechCrunch

    OpenSea takes a long-term view with a focus on UX despite NFT sales remaining low

    February 8, 2024

    AI will save software companies' growth dreams

    February 8, 2024

    B2B and B2C are not about who buys, but how you sell

    February 5, 2024

    It's time for venture capital to break away from fast fashion

    February 3, 2024

    a16z's Chris Dixon believes it's time to focus on blockchain use cases rather than speculation

    February 2, 2024
  • Venture

    US and India's VCS had just formed an alliance of over $1 billion to fund deep tech startups in India

    September 2, 2025

    You can still do it while volunteering in 2025

    September 1, 2025

    With funding from Mbi's Sequoia, director Jim Jalmusch “disappointed and denied”

    August 31, 2025

    A sign of “t”? It's a lot of dollars, nvidia

    August 29, 2025

    A comprehensive list of 2025 tech layoffs

    August 29, 2025
TechBrunchTechBrunch

Researchers have discovered a security flaw in Skoda cars that could allow hackers to remotely track them.

TechBrunchBy TechBrunchDecember 12, 20243 Mins Read
Facebook Twitter Pinterest Telegram LinkedIn Tumblr WhatsApp Email
Share
Facebook Twitter LinkedIn Pinterest Telegram Email


Security researchers have discovered multiple vulnerabilities in the infotainment units used in some Skoda cars. This vulnerability could allow a malicious attacker to remotely trigger certain controls and track the vehicle's location in real time.

PCAutomotive, a cybersecurity company specializing in the automotive sector, revealed 12 new security vulnerabilities affecting the latest model of the Skoda Superb III sedan this week at Black Hat Europe. This comes a year after the organization disclosed nine other vulnerabilities affecting the same model. Skoda is a car brand owned by German car giant Volkswagen.

Danila Parnyshev, head of security assessment at PCAutomotive, told TechCrunch that the vulnerabilities could be chained together and exploited by hackers to inject malware into vehicles. Parnyshev told TechCrunch that an attacker would need to connect to the Skoda Superb III's media unit via Bluetooth to exploit the flaw, but “the attack can be carried out within 10 meters without authentication.”

This vulnerability was discovered in a vehicle's MIB3 infotainment unit and could allow an attacker to achieve unrestricted code execution and execute malicious code every time the unit is started. According to PCAutomotive, this allows attackers to obtain live vehicle GPS coordinates and speed data, record conversations via the vehicle's microphone, take screenshots of the infotainment display, and play arbitrary sounds inside the vehicle. Possibly.

Palnyshev told TechCrunch that the flaw, which PCAutomotive verified in Superb III, allows an attacker to steal a car owner's phone contact database if car contact sync is enabled. He said it would also be possible.

“Typically, phones are encrypted, so you can't easily extract the contact database,” Parnyshev said. “For infotainment units, the contact database is stored in clear text.”

Palnyshev pointed out that he could not find a way to circumvent the limitations of the vehicle's network gateway for accessing safety-critical vehicle controls such as the steering wheel, brakes, and accelerator.

In a study shared with TechCrunch before being made public on Thursday, PCAutomotive found that vulnerable MIB3 units are used in multiple Volkswagen and Skoda models and, based on public sales data, that the vulnerable It pointed out that it estimates there may be more than 1.4 million vehicles in existence.

But Parnishev said the number of vulnerable vehicles could be even higher, given the aftermarket parts market. “If you go to eBay and search for the part number, you'll find it. And if the previous user didn't delete it, their contact database will still be there as well,” he explained.

PC Automotive said Volkswagen applied the patch after the vulnerability was reported through the company's cybersecurity disclosure program.

In an emailed statement to TechCrunch, Skoda spokesperson Tom Drexler said: “Reported infotainment system vulnerabilities have been addressed and continue to be eliminated through continuous improvement management throughout the lifecycle of our products. There has never been anything like this, now or ever.”



Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

WhatsApp fixes a “zero click” bug used to hack Apple users with spyware

August 29, 2025

According to Transunion, hackers say they stole the personal information of 4.4 million customers

August 28, 2025

The FBI says that China's salt typhoon has hacked at least 200 US companies

August 27, 2025

US sanctions fraud network used by North Korea's “remote IT workers” to steal money for work

August 27, 2025

Doge uploads live copies of Social Security databases to “vulnerable” cloud servers, whistleblower says

August 26, 2025

Security researchers map hundreds of Teslamate servers spilling Tesla vehicle data

August 26, 2025

Leave A Reply Cancel Reply

Top Reviews
Editors Picks

7 days left: Founders and VCs save over $300 on all stage passes

March 24, 2025

AI chip startup Furiosaai reportedly rejecting $800 million acquisition offer from Meta

March 24, 2025

20 Hottest Open Source Startups of 2024

March 22, 2025

Andrill may build a weapons factory in the UK

March 21, 2025
About Us
About Us

Welcome to Tech Brunch, your go-to destination for cutting-edge insights, news, and analysis in the fields of Artificial Intelligence (AI), Cryptocurrency, Technology, and Startups. At Tech Brunch, we are passionate about exploring the latest trends, innovations, and developments shaping the future of these dynamic industries.

Our Picks

US and India's VCS had just formed an alliance of over $1 billion to fund deep tech startups in India

September 2, 2025

You can still do it while volunteering in 2025

September 1, 2025

5 days left: The exhibition table is in turmoil in 2025

September 1, 2025

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

© 2025 TechBrunch. Designed by TechBrunch.
  • Home
  • About Tech Brunch
  • Advertise with Tech Brunch
  • Contact us
  • DMCA Notice
  • Privacy Policy
  • Terms of Use

Type above and press Enter to search. Press Esc to cancel.