The infotainment systems of modern cars they have become complete on-board computers. Also, and as you know by now, you can access your mobile from the integrated screens. However, the system used by VW or Audi cars - we do not know if other VAG group vehicles such as SEAT or Skoda - may have a security vulnerability in its system and can be hacked remotely.
As you well know, modern infotainment systems not only show you the consumption of the car, the current date, the temperature or when there is a fault in the car. No, you can currently handle many parameters from this type of computer system. For example: access and adjust vehicle gear settings; being able to display GPS navigation in great detail; access our mobile and offer WiFi points.
With these last two topics, analysts of a computer security company (Computest) in which tests with the WiFi of the infotainment system that some Audi and VW vehicles mount - more specifically a VW Golf GTE and an Audi A3 Sportback e-Tron- have been able to access the system remotely and enter the root account —Superuser— of the system. Now, the most dangerous thing came when analysts realized that they not only had access to data from the car, but also to user data.
And what do we mean exactly? According to Computest workers, both vehicles showed data that made reference to the user's agenda and could listen to the conversations through the connection that was maintained with the smartphone —Here we don't talk about Apple's CarPlay or Google's Android Auto—; We assume that through the Bluetooth connection both systems are exposed. What's more, they could remotely activate and deactivate the microphone of the VW and Audi infotainment system.
Also, this is not all. Since they also accessed the GPS navigation system and obtained a complete record of where the driver had been at all times. We assume that only in case of making use of the mapping system—; otherwise it would scare the subject even more.
According to the discoverers of this security hole, companies should have found this vulnerability by doing appropriate security tests. It looks like, They have an appointment with VW to discuss this finding but they tell us that the car company had no record of this problem.