Skoda and Volkswagen Cars May Be Susceptible to Hacking Due to Infotainment System Vulnerabilities

Skoda Superb's infotainment system may allow malicious actors unrestricted code execution access.

Advertisement
Written by Shaurya Tomer, Edited by Siddharth Suvarna | Updated: 13 December 2024 15:51 IST
Highlights
  • Researchers discover vulnerabilities in the Skoda infotainment systems
  • It may allow remote code execution and vehicle location tracking
  • Skoda claims vulnerabilities have been addressed and eliminated

Skoda Superb III is reported to be one of the models impact by the vulnerabilities

Photo Credit: Skoda

Security researchers have discovered vulnerabilities of low-to-medium criticality in select Skoda and Volkswagen cars that may enable malicious actors to trigger certain controls, a cybersecurity firm announced at the Black Hat Europe 2024 event this week. At least 12 new vulnerabilities were found impacting the infotainment systems in the latest model of Skoda Superb III — a D-segment sedan manufactured by the Volkswagen Group which entered production in 2015. Although threat actors would need to connect to the vehicle via Bluetooth to get access, the attack may be carried even from a distance.

This builds upon the previous discovery of nine security flaws in the same vehicle that were reported last year.

Vulnerabilities in Skoda Cars

Cybersecurity firm PCAutomotive published a report detailing the vulnerabilities discovered in the third-generation model of Skoda Superb. The German sedan's MIB3 infotainment system may allow malicious actors unrestricted code execution access, enabling them to run malicious code upon startup. It is said to provide remote access to the vehicle's systems.

Advertisement

They may be able to track its speed and location in real time, eavesdrop on the in-car microphone, play sounds, and control its infotainment system. Another flaw may allow them exfiltrate the phone contact database if contact synchronisation with the phone is enabled. Further, the vulnerabilities could also allow access to the CAN bus which is used to connect with the vehicle's electronic control units (ECUs).

Although there are many suppliers of the MIB3 infotainment system, the researchers specifically talk about the one manufactured by Preh Car Connect Gmbh. It impacts the following models:

  1. Skoda Superb III
  2. Skoda Karoq
  3. Skoda Kodiaq
  4. VW Areteon
  5. VW Tiguan
  6. VW Passat
  7. VW T-Roc
  8. VW T-Cross
  9. VW Polo
  10. VW Golf

The sales data suggests that a total of 1.4 million vehicles from the Volkswagen Group are at risk. PCAutomotive reported the vulnerabilities to Skoda as part of its cybersecurity disclosure program. In a statement given to TechCrunch, Skoda revealed that they have been addressed and eliminated. “At no time was and is there any danger to the safety of our customers or our vehicles”, the German automotive company said.

 
Post your comments

Catch the latest from the Consumer Electronics Show on Gadgets 360, at our CES 2026 hub.

Realme 14x 5G Confirmed to Pack 6,000mAh Battery; Charging Details Revealed
Naughty Dog Reveals Intergalactic: The Heretic Prophet, a New Sci-Fi Franchise for PS5
Advertisement

Related Stories

Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Here's When the Redmi Note 15 Pro and Note 15 Pro+ Will Launch in India
  2. YouTube Takes on OpenAI's Sora With AI-Generated Shorts Feature
  3. iQOO 15 Ultra Design and Colourways Teased Ahead of Launch
  4. Samsung Galaxy S26 Series Launch Date Surfaces Ahead of Unpacked Event
  5. Google Pixel 10a Spotted With Familiar Design in Leaked Renders
  6. Crimson Desert Has Officially Gone Gold, Pearl Abyss Confirms
  7. NexDeck's New Smartphone Lets You Boot Android 16, Linux and Windows 11
  8. Ubisoft Cancels Prince of Persia: Sands of Time Remake, Delays 7 Games
  9. Aadukalam Streaming on SunNXT: Know Everything About Plot, Cast, and More
#Latest Stories
  1. Amazon Great Republic Day Sale: Best Deals on Robot Vacuum Cleaners
  2. OnePlus 15T Lands on 3C Certification Database Ahead of Launch in China: Expected Specifications
  3. Crimson Desert Has Officially Gone Gold, Launch Set for March 19
  4. Acer Chromebook Spin 311, Chromebook 311 Launched With MediaTek Kompanio 540 CPU: Price, Features
  5. Samsung Galaxy S26+ Bags 3C Certification; Might Not Launch With Charging Upgrade
  6. Apple Could Turn Siri Into an AI Chatbot to Rival OpenAI, Google: Report
  7. Powerful X-Class Solar Flare Sends CME Toward Earth, Storms Possible
  8. Scarpetta OTT Release Date: Nicole Kidman Turns Forensic Pathologist in This Upcoming Series
  9. Dhurandhar OTT Release Date Update: When and Where to Watch Ranveer Singh and Akshay Khanna Starrer Online?
  10. DoT Allows Licence-Free Use of Lower 6GHz Spectrum for Wi-Fi Routers, Sets Power Limits
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.