
Skoda and VW cars can be hacked to track your location or calls

Cybersecurity experts have uncovered critical vulnerabilities in the infotainment systems of certain Skoda cars, raising alarm over potential risks to driver privacy and vehicle security. The findings were presented at Black Hat Europe by PCAutomotive, a company specialising in automotive cybersecurity.

The vulnerabilities and their impact

PCAutomotive discovered 12 vulnerabilities affecting the MIB3 infotainment unit in the Skoda Superb III sedan (the unit is used in other models as well). Alarmingly, these vulnerabilities can be exploited via Bluetooth from a range of up to 10 meters, requiring no prior authentication. This discovery builds on prior research, in which nine other issues were identified in the same model.

By chaining these vulnerabilities together, hackers could inject malicious code, enabling them to:

  • Track the car’s location and speed in real time.
  • Listen to conversations through the car’s microphone.
  • Exfiltrate the owner’s phone contacts stored in plaintext.
  • Manipulate the infotainment system to play sounds or display unauthorised content.

The possibility of extracting sensitive data, such as phone contacts, underscores significant privacy concerns, especially given that these are often stored unencrypted in the vehicle’s system.

Broader impact across models

While the primary focus has been on the Skoda Superb III, PCAutomotive’s analysis suggests the vulnerabilities may extend to other Skoda and Volkswagen models using the same infotainment platform. Estimates suggest over 1.4 million vehicles could be affected globally, excluding those with aftermarket installations, which further exacerbate the risks.



No impact on critical safety systems

Importantly, the researchers clarified that while these flaws affect infotainment functions, they do not extend to critical safety functions such as braking or steering. The vehicle’s network gateway effectively isolates these systems, mitigating catastrophic risks.

Skoda’s response

Volkswagen, the parent company of Skoda, acted promptly to patch the vulnerabilities through its cybersecurity disclosure program. A Skoda representative, Tom Drechsler, assured customers that the company continuously improves its systems to address such threats, emphasizing that no immediate safety risks exist.

However, it might be a good idea to check with your nearest VW or Skoda authorised workshop that the security patch is already installed in your car.



Source: techcrunch.com, pcautomotive.com


What should an owner do if there's a recall?

Please note that the recall may not apply to all vehicles produced in a given period. If you think your car might be affected, you should immediately contact a dealer or workshop officially authorised to perform repairs on behalf of the manufacturer and ask for the details. You can use our sample request text. After reporting the vehicle's VIN code, you will find out if the defect is present on your car, or if it has already been resolved by the previous owner if the car was purchased second-hand.
