NavInfo Europe Cybersecurity researchers, Yuriy Serdyuk and Alexey Kondikov recently presented the research “Back-connect to the Connected Car. Search for Vulnerabilities in the VW Electric Car” at Black Hat Europe 2022 in London.
Black Hat is one of the most respected international information security events, which provides the latest cutting-edge research, developments, and trends for the cybersecurity community. During the session, we showcased part of the results of penetration testing the Volkswagen electric car ID.3. We demonstrated what hackers could do with modern cars. We showed how hackers could bypass digital signatures in software updating procedures in automotive-grade Linux, exploit arbitrary code execution vulnerabilities in the network service of the QNX7 system, and extract keys from trusted zones. We also demonstrated how hackers could use Wi-Fi or 4G networks to control installed backdoors remotely.
Since we informed VW about vulnerabilities, we have been listed as a cybersecurity supplier by VW group and have had continuous technical alignment to support them from different perspectives. VW teams visited our cyber garage in Eindhoven to go through the hacking scenarios we demonstrated in the presentation.
Moving forward, we will continue our cybersecurity research for wireless interfaces (e.g. Bluetooth, Wi-Fi, C2X), automotive interfaces in stand-alone ECUs, and back-end services of connected vehicles. We will also continue to collaborate with other OEMs to test and validate the cybersecurity protection of electric and connected cars.
“The automotive sector goes through a significant transformation as vehicles become increasingly connected, autonomous, and more intelligent. The whole automotive industry is facing unprecedented cybersecurity challenges. We see tremendous opportunities for implementing new cybersecurity solutions, approaches, and processes for modern vehicles in all stages of the vehicle’s life cycle. We also believe that openly sharing the insights on vulnerability findings with the cybersecurity community, such as Blackhat, and the automotive community helps drive the whole industries forward and make new cars safer”, said Sergey Razmakhnin, the Head of Cybersecurity at NavInfo Europe.
Link to the published research.
About NavInfo Europe
NavInfo Europe is a leading software service provider for the automotive industry since its establishment in 2011. From its roots in digital navigation maps and location data, it has successfully branched out its expertise in AI and Cybersecurity to deliver high-quality and reliable customized products and services. With its solutions, NavInfo Europe is committed to innovating and accelerating the deployment of a safe and smarter future.