The spectacular, but ultimately harmless, hacking of the My Volkswagen app by an Indian cyber researcher last year continues to raise serious questions about cyber security for millions of connected vehicles, triggering demands for more rigorous secure-by-design approaches.
Serious flaws in the My Volkswagen app made it all too easy for the researcher, Vishal Bhaskar, to gain access to large amounts of personal and vehicle data.
Chief Technology Officer at Device Authority.
He was able to arrive at the correct combination of four digits through automation. He then uncovered internal usernames, passwords, tokens and credentials for third-party payment processors.
From another endpoint, he employed the vehicle identification number (VIN) to access customers’ personal details and brought up service histories for any vehicle, customer complaints and satisfaction surveys.
The vulnerabilities were reportedly patched in May of…
