Black Hat Europe 2022 Presentation

Back-connect to the Connected Car. Search for Vulnerabilities in the VW Electric Car

The attack surface of modern connected cars is broad: Wi-Fi, Bluetooth, V2X, 2G/3G/4G, custom RF protocols, CAN, OBD2 interfaces, automotive Ethernet, USB ports, remote diagnostics, telematics, and mobile apps. During the presentation, we will show part of the results of penetration testing a modern European electric car, the Volkswagen ID3. The vulnerabilities and architectural security problems we discovered also apply to other Volkswagen models such as the ID4 and ID5, and affect hundreds of thousands of electric cars on the roads.

We will demonstrate how hackers can gain root access to the Infotainment and Gateway modules in the cars, install backdoors, and what they can do remotely with hacked cars. We will demonstrate how hackers can bypass digital signatures in the software update procedures of Automotive Grade Linux, exploit an arbitrary code execution vulnerability in the network service of the QNX7 system, extract keys from trusted zones of the Gateway, and use Wi-Fi for remote control of installed backdoors.

Presenters

Yuriy Serdyuk | Lead Security Researcher, NavInfo Europe B.V.
Alexey Kondikov | Embedded Security Researcher, NavInfo Europe B.V.
Sergey Razmakhnin | Head of Cybersecurity, NavInfo Europe B.V.
Khaled Sakr | Security Researcher and Penetration Tester, NavInfo Europe B.V.
