Researchers find critical security flaws in popular car models [source: hackread]
by CIRT Team
Modern-day vehicles have become overly digitized for the sake of offering advanced technicality to drivers. However, being digital cannot ensure optimal security and the same has been the case with smart cars.
Security researchers Daan Keuper and Thijs Alkemade from Computest claim that some of the car models manufactured by Audi and Volkswagen contain a flaw that can be exploited by attackers easily over the internet. The problem is that Volkswagen doesn’t want to patch the flaw claiming that the models are not equipped with updating over-the-air capability.
For the purpose of this research [PDF], researchers at the Dutch security firm examined 9 different models. Volkswagen Golf GTE and Audi A3 were then finalized for the research after acquiring permission from the company for conducting an analysis of its cars’ security status.
It must be noted that Audi A3 is also manufactured by the Volkswagen Group. Unlike previous times when Volkswagen proved to be a hard nut to crack when it came to judging the security software, it installed in its cars, this time around the company was far more cooperative.
Researchers state that the two CAN (controller area network) buses that are used in the cars for safety-critical components (e.g. brakes and engine) and non-safety critical components (e.g. AC, wipers and dashboard), can communicate with each other. The communication is facilitated by a gateway and it is important because it ensures that features are working well.
For more, click here.