Scammers have successfully gained access to VW’s update system. They were able to get hold of software updates for several brands of the Volkswagen Group, with which additional functions or an increase in performance can be activated. VW has solved this problem for the time being, but there must be permanent security.
VW: Fraudsters resold access to update servers
Fraudsters are said to be using the dealer portal of the VW Group Access to paid software updates provided to have. This can be used to tune up vehicles that have been upgraded at the factory, the full performance or additional functions of which have been deactivated by software. Customers actually pay a surcharge for this.
The scammers circumvented this, they probably used official dealer access and passed it on to unauthorized persons (source: Automobilwoche via Finanzen100). Not only VW cars should be affected but also from other group brands such as Audi, Skoda and Seat. Among other things, the voice control in the cockpit is said to have been activated, but a few additional horsepower could also be extracted.
According to Automobilwoche, VW writes in a message to its dealers: “Unfortunately, during security checks, we had to determine that authorized users of the dealer portal had made their access data available to third parties – in some cases actually – in violation of the terms of use, which gave them unauthorized access to the dealer portal received the applications offered.”
In contrast to the modern “over the air” updates, in the individual cases that have now become known – according to VW – the Updates are installed via the service interface via cable will. Nevertheless, it didn’t take more than a little criminal energy, a few clicks and the appropriate cable to circumvent the manufacturer’s specifications.
Software must not become the Achilles’ heel of car manufacturers
Even if these cases are not about e-cars and updates “over the air”, they do reveal problems that not only Volkswagen has to deal with. the Software division is becoming increasingly important for car manufacturers. Volkswagen is already relying on in-house developments and intends to massively expand these in the coming years.
Software updates already play an important role with the ID.5:
In addition to our own development, system security will also play a decisive role. In the current case, VW has solved the problem with the crowbar: the corresponding users were blocked and the dealer portal was completely shut down, which had already been planned anyway. the In the future, however, it will no longer be possible to simply switch off cloud systems for remote-controlled updates, especially for e-cars.