大众汽车海外车机系统曝漏洞，黑客可注入恶意程序获取车辆GPS等隐私内容

IT之家

20 Dec 2024

IT之家 12 月 20 日消息，在上周在欧洲举行的大型网络安全会议 Black Hat Europe 2024 中，研究人员公开了大众（Volkswagen）旗下的车载系统存在的 12 项安全漏洞。

据悉，相关漏洞允许黑客利用自制蓝牙设备绕过配对授权连接到车载系统的多媒体模块，之后即可部署各种恶意程序，允许黑客获取车辆的 GPS 定位信息、行驶速度数据、受害者设备同步到车机中的联系人和短信，还能利用车载麦克风录制驾驶员和乘客的对话内容，或在车内播放自定义音频内容。

▲ 安全公司展示接管车机屏幕、并获取车辆定位信息

据估算，约有 140 万辆大众和旗下子品牌斯柯达汽车受到影响，相关漏洞在通报后已由大众集团进行了修复。斯柯达发言人 Tom Drechsler 向外媒 TechCrunch 表示，公司已通过产品生命周期内的“持续改进管理流程”（软件更新）缓解了相关问题，目前这些漏洞未对车辆或车主造成实际威胁。

Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.

Most Discussed

1
2
3
4
5
6
7
8
9
10

{"basename":"","ssrTDKData":{"titleTemplate":"%s - Tiger Brokers","title":"Tiger Brokers | Global Stocks, Options & Futures Trading App","description":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","keywords":"tiger brokers,tiger trade,tiger brokers singapore,broker online,stock trading in singapore,share trading singapore,brokerage firm singapore,trading app,stock broker singapore,stock trading platforms,trading account","social":{"ogDescription":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","ogImage":"https://c1.itigergrowtha.com/portal5/static/media/og-logo.be62fbe1.png","ogUrl":"https://www.itiger.com/news/2492146329"},"companyName":"Tiger Brokers"},"pageData":{"isMobile":false,"isTiger":false,"isTTM":true,"region":"SGP","license":"TBSG","edition":"fundamental"},"__swrFallback__":{"@#url:\"https://stock-news.skytigris.cn/v3/news\",params:#id:\"2492146329\",edition:\"fundamental\",,,undefined,":{"share":"https://ttm.financial/m/news/2492146329?lang=en_US&edition=fundamental","thumbnail":"","is_english":false,"pubTime":"2024-12-20 13:02","share_image_url":"https://static.laohu8.com/e9f99090a1c2ed51c021029395664489","id":"2492146329","market":"us","top_or_hot":-1,"title":"大众汽车海外车机系统曝漏洞，黑客可注入恶意程序获取车辆GPS等隐私内容","media":"IT之家","content":"<html><body><p>IT之家 12 月 20 日消息，在上周在欧洲举行的大型网络安全会议 Black Hat Europe 2024 中，研究人员公开了大众（Volkswagen）旗下的车载系统存在的 12 项安全漏洞。</p><p><img src=\"https://x0.ifengimg.com/ucms/2024_51/8534B954C1F33762A8298AEF5966A3B8F2564BC0_size78_w1440_h748.jpg\"/></p><p>据悉，相关漏洞允许黑客利用自制蓝牙设备绕过配对授权连接到车载系统的多媒体模块，之后即可部署各种恶意程序，允许黑客获取车辆的 GPS 定位信息、行驶速度数据、受害者设备同步到车机中的联系人和短信，还能利用车载麦克风录制驾驶员和乘客的对话内容，或在车内播放自定义音频内容。</p><p><img src=\"https://x0.ifengimg.com/ucms/2024_51/945361DF99040695459C005D088C0AAC915BD338_size31_w960_h378.jpg\"/></p><p>▲ 安全公司展示接管车机屏幕、并获取车辆定位信息</p><p>据估算，约有 140 万辆大众和旗下子品牌斯柯达汽车受到影响，相关漏洞在通报后已由<a href=\"https://laohu8.com/S/0P6N.UK\">大众集团</a>进行了修复。斯柯达发言人 Tom Drechsler 向外媒 TechCrunch 表示，公司已通过产品生命周期内的“持续改进管理流程”（软件更新）缓解了相关问题，目前这些漏洞未对车辆或车主造成实际威胁。</p></body></html>","source":"fenghuang_stock","html":"<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\"/>\n<meta name=\"format-detection\" content=\"telephone=no,email=no,address=no\" />\n<title>大众汽车海外车机系统曝漏洞，黑客可注入恶意程序获取车辆GPS等隐私内容</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 11px; color: #7E829C; margin: 0;line-height: 11px;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\n大众汽车海外车机系统曝漏洞，黑客可注入恶意程序获取车辆GPS等隐私内容\n</h2>\n\n<h4 class=\"meta\">\n\n\n2024-12-20 13:02 北京时间&nbsp;&nbsp;&nbsp;<a href=https://tech.ifeng.com/c/8fSpM1DXzeX><strong>IT之家</strong></a>\n\n\n</h4>\n\n</header>\n<article>\n<div>\n<p>IT之家 12 月 20 日消息，在上周在欧洲举行的大型网络安全会议 Black Hat Europe 2024 中，研究人员公开了大众（Volkswagen）旗下的车载系统存在的 12 项安全漏洞。据悉，相关漏洞允许黑客利用自制蓝牙设备绕过配对授权连接到车载系统的多媒体模块，之后即可部署各种恶意程序，允许黑客获取车辆的 GPS 定位信息、行驶速度数据、受害者设备同步到车机中的联系人和短信，还能...</p>\n\n<a href=\"https://tech.ifeng.com/c/8fSpM1DXzeX\">Source Link</a>\n\n</div>\n\n\n</article>\n</div>\n</body>\n</html>\n","isBrief":false,"type":0,"news_type":1,"symbol":"VLKAY","symbol_name":"大众汽车","start_time":0,"source_url":"https://tech.ifeng.com/c/8fSpM1DXzeX","article_id":"2492146329","we_media_id":null,"thumbnails":[],"rights":null,"url":"https://stock-news.laohu8.com/highlight/detail?id=2492146329","pubTimestamp":1734670938,"columns":[],"sourceInfo":{"source_id":"fenghuang_stock","name":"凤凰网"},"weMediaInfo":null,"summary":"▲ 安全公司展示接管车机屏幕、并获取车辆定位信息据估算，约有 140 万辆大众和旗下子品牌斯柯达汽车受到影响，相关漏洞在通报后已由大众集团进行了修复。斯柯达发言人 Tom Drechsler 向外媒 TechCrunch 表示，公司已通过产品生命周期内的“持续改进管理流程”缓解了相关问题，目前这些漏洞未对车辆或车主造成实际威胁。","collect":0,"end_time":0,"defaultTopTitle":"ifeng.com","property":[],"viewcount":null,"language":"zh","relate_stocks":{"VLKAY":"大众汽车"},"translate_title":"Volkswagen's overseas car system exposes vulnerabilities, hackers can inject malicious programs to obtain private content such as vehicle GPS","themeId":null,"isJumpTheme":false,"ttsUrl":null,"symbols_score_info":{"VLKAY":1},"content_text":"IT之家 12 月 20 日消息，在上周在欧洲举行的大型网络安全会议 Black Hat Europe 2024 中，研究人员公开了大众（Volkswagen）旗下的车载系统存在的 12 项安全漏洞。据悉，相关漏洞允许黑客利用自制蓝牙设备绕过配对授权连接到车载系统的多媒体模块，之后即可部署各种恶意程序，允许黑客获取车辆的 GPS 定位信息、行驶速度数据、受害者设备同步到车机中的联系人和短信，还能利用车载麦克风录制驾驶员和乘客的对话内容，或在车内播放自定义音频内容。▲ 安全公司展示接管车机屏幕、并获取车辆定位信息据估算，约有 140 万辆大众和旗下子品牌斯柯达汽车受到影响，相关漏洞在通报后已由大众集团进行了修复。斯柯达发言人 Tom Drechsler 向外媒 TechCrunch 表示，公司已通过产品生命周期内的“持续改进管理流程”（软件更新）缓解了相关问题，目前这些漏洞未对车辆或车主造成实际威胁。","kind":"news","is_publish_news":true,"is_publish_highlight":false,"is_publish_live":false,"is_publish_wemedia":null,"editions":null,"column":"","sentiment":"-1","news_tag":"policyRegulatory","news_rank":0,"symbols":[],"gpt_button":1,"code":"91000000","status":"200"}}}